Author: Gregory Bloom


The Potential Dangers Of WordPress Multisite

Many individual and small company forays on the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky as each site on the account is a point of access that has to be secured.

Visit wpdistrict.sitelock.com for the full story.

WordPress Multisite Security

In this post, we’ll discuss how conglomerating multiple WordPress sites in a single account may not save time and money; it may in fact lead to the compromise of every site on the account. We’ll also discuss how to host securely, keeping all your sites from falling due to a single plugin vulnerability.


Authentication Failure in File Browser, Manager, Backup (+ Database) WordPress Plugin

While reviewing malware, the SiteLock Research Team detected suspicious code in a WordPress plugin. We reviewed the suspicious code and found the plugin wasn’t malicious per se, though it was potentially vulnerable to attack. We will discuss the plugin and analyze its unique authentication issues, and then discuss mitigation and the dangers of using unsupported plugins.

Visit wpdistrict.sitelock.com for the full story.


Don’t Panic: Website Defacements from 2015

Bad actors have attacked websites since the beginning of the internet. They have many reasons for taking over websites — money, infamy, politics, curiosity — though nothing grabs attention more than the visual defacement of a site. Website defacement occurs when a bad actor gains access to the site files and replaces the index or home page with their own page. We’ve seen many of these over the last year, but what are the real consequences for the sites that are defaced? We’ll discuss the effects of a defacement on a website, and the reasons why they happen. We will also outline what you should know about defacements and how to secure your site against them.

What Is A Website Defacement?


This Week in Exploits: What Are XSS Vulnerabilities? Part 2

In last week’s “episode” of ‘This Week in Exploits’, we talked about Cross-Site Scripting (XSS) and specifically reflective XSS vulnerabilities, the most common type of XSS flaw. We now know roughly what an XSS attack is, and some of what a reflected XSS attack does, but why do XSS attacks exist? How can they be used?

 


What Is An XSS Vulnerability? Part One

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the OWASP Top Ten.

According to the OWASP assessment, the top three most common attacks are:

  • Injection
  • Weak Authentication and Session Management
  • Cross-Site Scripting (XSS)

 

As new vulnerabilities are discovered, we can still see that a large portion of them are XSS-related.


Pop Culture In Malware

Hacks are bad. A website compromise is serious, and at SiteLock we see a lot of compromised sites and malicious code. Malicious code is constantly evolving to avoid detection. Adversaries use a large number of strategies to avoid detection, and comedy happens to be one of them.

Since hackers try everything they can think of – pop culture references, internet memes, irony – to disguise malicious code, we’ll dive into the strange and weird to show you how far adversaries will go…
