Category: Wordpress

WooCommerce Credit Card Skimmers Concealed In Fake Images

Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the… Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images

Hacked Website Threat Report 2021

Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research… Continue reading Hacked Website Threat Report 2021

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this… Continue reading Vulnerability Roundup – April 2022

Keeping Up With PHP Updates

Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client sites include injections, broken authentication, cross site scripting, or even attackers targeting components with known vulnerabilities. In this post, we’ll be going over why outdated PHP versions can lead to… Continue reading Keeping Up With PHP Updates

Poodle and Doodle, FUD and the Sucuri WAF

On any given day, Sucuri sees thousands of clients go through the PCI compliance process. The requirements outlined by the Payment Card Industry Data Security Standards (PCI DSS) are mandatory for any website accepting credit card payment, and this process can be very stressful for website owners not familiar with these guidelines. Failure to comply… Continue reading Poodle and Doodle, FUD and the Sucuri WAF

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This… Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin

Sucuri WordPress Plugin += Sucuri WAF

Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services). However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of… Continue reading Sucuri WordPress Plugin += Sucuri WAF

The Case for 2FA by Default for WordPress

Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute… Continue reading The Case for 2FA by Default for WordPress