The SiteLock Research team has become aware of sites infected with fake WordPress plugins that provide cybercriminals with backdoor access and allow them to inject malicious content onto web pages. Below is a high-level overview of the plugins and malware being detected by our scanners and analyzed by SiteLock Research analysts. We also cover effective tips to help protect your site.
Author: Weston Henry
Search engine spam, more frequently known as SEO spam, is a technique used to manipulate rankings in a way that is not allowed by search engine terms of service.
This week we’ll take a look at an interesting SEO spam campaign that recently came across the SiteLock research desk. Turkish escorts are apparently big business and we had the opportunity to dig a bit into the makings of a malicious Turkish escort spam campaign.
Yesterday on Twitter, Dr.-Ing. Mario Heiderich of security firm Cure53 announced an unauthenticated cross-site scripting flaw in WordPress version 4.5, the current version as of the announcement, and below.
Cross-site scripting, or XSS, flaws are vulnerabilities in a website’s code that let malicious actors execute, or trick visitors or administrators into executing, malicious code in a visitor’s browser.
A recent article reported that WordPress.com is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress.com users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.
If you’re a WordPress.com user, one way to take advantage of WordPress.com’s exemplary efforts is to go further and enhance the security of your WP.com site with protection services.
I love Firefox. I’ve used it since it was Firebird, if not Phoenix, and it’s my main browser on every device. I value Mozilla’s dedication to an open, secure, and private internet, and because of that, I recommend Firefox to friends and family. That’s why two recent Firefox developments have me concerned. This week we’ll discuss a troubling statement about the state of Firefox security, the sunsetting of the use of SHA-1 in SSL certificates and Firefox’s recent exception to that, and whether Firefox is still a secure browsing option.
File backups are essential to the security of any site. With regular, tested website backups, you can recover your site easily from any of the following issues:
- hardware failures
- accidental deletions
Backups can also be problematic. This week we’ll discuss why website backups are essential, and then reveal how faulty backup security can harm a site and how to prevent that from happening.
CDNs are great for WordPress sites because much of the post content is static and can easily be cached and served by a CDN. With visitors receiving cached content from the closest CDN data center, origin server load decreases, allowing sites to load faster for site visitors. At the same time, serving a site from multiple data centers makes the origin server more robust. A fortuitous spike in traffic won’t take a site down as the data centers handle the increased load.
Visit wpdistrict.sitelock.com for the full story.
There’s no bigger buzzword in the security world now than the ‘Internet of Things.’ The Internet of Things, or IoT, is the connectedness of everyday devices and sensors to allow the quantification and control of systems. Video doorbells alert wayward homeowners of visitors. Bluetooth fobs connect car keys to smartphones. Thermostats track heating and cooling preferences to select a tailored temperature for a homeowner. Unfortunately, the design complexity of a previously unconnected device now given intelligence and network access can lead to unforeseen issues and real-world consequences. Therefore, IoT security must be a consideration and, ideally, a foundational characteristic in the design of these devices.
In the latest article from the SiteLock research team, we’ll discuss how fake plugins get onto WordPress sites, analyze a well-known fake plugin to provide a sense of what they can do, look at a non-exhaustive list of fake plugins and a couple of interesting features, and discuss ways to avoid being victimized by fake plugins.
Read the full story at our WordPress-focused site, wpdistrict.sitelock.com.