Poodle and Doodle, FUD and the Sucuri WAF

On any given day, Sucuri sees thousands of clients go through the PCI compliance process. The requirements outlined by the Payment Card Industry Data Security Standards (PCI DSS) are mandatory for any website accepting credit card payment, and this process can be very stressful for website owners not familiar with these guidelines. Failure to comply…

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High
Exploitation Level: Easy
CVSS Score: 9.9
Vulnerability: Remote code execution (RCE)
Patched Version: 3.6.3

On April 12th, an important security update was released for the Elementor plugin, patching a critical remote code execution vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This…

Sucuri WordPress Plugin += Sucuri WAF

Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services). However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of…

The Case for 2FA by Default for WordPress

Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute…