News
Authentication Bypass Vulnerability Patched in User Registration Plugin
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 16, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “RegistrationMagic – Custom Registration Forms, User Registration and User Login”, a WordPress plugin […]
Read More
WooCommerce Credit Card Swiper Injected Into Random Plugin Files
It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card theft are most rampant. Administrators of ecommerce websites need to be extra vigilant as this case will demonstrate. This story starts much the same as many others that we discuss […]
Read More
Is My Site Hacked? 4 Gut Checks
The consequences of a hacked site have wide-ranging financial repercussions that extend beyond the cost of cleaning the site. Drop-offs can be anticipated for new sales from prospects spooked by “not secure” url warning labels. The same downward turn can be expected for customer retention once the news of a hack shakes consumer confidence in […]
Read More
Bluehost Account Suspended? Here’s How You Can Fix it
If your Bluehost website shows a “This account has been suspended” message, your site has been taken offline by Bluehost. This effectively means that neither you nor your visitors can reach your website and until you can fix the Bluehost account suspended issue, it will remain offline. While it is a situation that can rightly […]
Read More
WordPress Admin Creator – A Simple, But Effective Attack
Malicious admin users get added to vulnerable WordPress sites often. This can happen in a variety of different ways, and sometimes the malware that creates these malicious users can hide in plain sight. Injecting a malicious admin user into a WordPress site can allow attackers easy access back into a victims’ website after it has […]
Read More
What is WordPress Pharma Hack & How to Clean it?
There is nothing more frustrating than finding out that your website is hacked. The important thing is to stay calm. We know how to resolve a pharma hack attack and we can show you how to do it for your WordPress website. That said, manually removing the WordPress Pharma hack is a complicated and time-consuming […]
Read More
XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Variation Swatches for WooCommerce”, a WordPress plugin that is installed on over 80,000 […]
Read More
iThemes Security vs Sucuri: Which Will Protect Your WordPress Website?
At first glance, iThemes Security looks like a great and affordable security plugin for your WordPress websites. Especially if you consider that you can protect unlimited websites for just $199. Sucuri, on the other hand, is one of the most popular WordPress security plugins available. It packs a punch with a scanner and a firewall, […]
Read More
Sucuri vs Jetpack: Which Security Plugin is Right For Your WordPress site?
In a discussion about WordPress security, Sucuri inevitably comes up. It is one of the most popular security plugins available today. The pro plans come with a server-side scanner, a firewall, and unlimited manual malware removal. Jetpack is an all-in-one solution for a lot of WordPress functionality; not surprising since it is built by Automattic. […]
Read More