Maintenance
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 1, 2023 to May 7, 2023)
Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
Xjquery Wave of WordPress SocGholish Injections
In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish scripts into compromised WordPress sites. A bit later, we documented minor changes in the way this malware worked. By the end of March, 2023, we started noticing a new wave […]
What is XML-RPC? Security Risks & How to Disable
XML-RPC is a protocol designed for WordPress to standardize communication between different systems, allowing external applications (such as other blogging platforms and desktop clients) to interact with WordPress. This feature has been a part of WordPress since its early days, enabling seamless integration with the rest of the online world. However, the xmlrpc.php file, which […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 24, 2023 to Apr 30, 2023)
Last week, there were 77 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with […]
What Is SEO Spam and How to Remove It From WordPress Site?
After investing a great deal of time, money, and effort into optimizing your website for search engines, your website is showing spam results on Google. SEO spam is a malicious attack which involves hackers infiltrating your website and filling it with spammy links. Hackers exploit vulnerabilities in WordPress websites to carry out their attacks. If […]
What is Steganography? (Or, How Hackers Hide Malware On Websites)
As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to jot down my secret message. When combined with a simple heat source (I used the heat of the wood stove), the contents of my top secret note were revealed in […]
Understanding Session Hijacking: How to Keep Your Website Safe
As the admin of a WordPress site, it’s important to protect your users from session hijacking. This is a type of attack where a hacker steals a user’s session ID to gain unauthorized access to their account. Although session hijacking affects site visitors, your site may be used in these attacks. It is important to […]
Cookie Stealing in WordPress: Understanding the Risks and Consequences
Cybercriminals can quietly steal information from unsuspecting website visitors by stealing their cookies. And while cookie stealing security advice online is typically geared towards users and site visitors, it’s important to understand that as a site owner, you’re also at risk from these types of WordPress attacks. There are a couple of ways that cookie […]
WordPress Vulnerability & Patch Roundup April 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]