Author: Weston Henry Page 3 of 5

SiteLock Research Team Uncovers WordPress Plugin Vulnerability

The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.

The team has been working on putting together a new vulnerability research process. During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. Developed by SliderVilla.com, it displays customer testimonials in a responsive slider and has over 10,000 installs. We chose Testimonial Slider for no other reason than it was a slider plugin after the recent Revolution Slider exploit.

What Does Testimonial Slider Do?

Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.


Is Your WordPress Site PCI Compliant?

With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.

PCI compliance is required by all the major credit card companies and if your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and worst case, an increased risk of cardholder data exposure.


5 Signs Your WordPress Website Has Been Hacked

Being the victim of a website hack isn’t always obvious. Here are five ways to tell if your WordPress website has fallen victim to a hacker, and they’re not what you might expect.


4 Easy Steps to Protect Your WordPress Site

Whether you're just taking the plunge into the WordPress wonderland to launch a personal blog or full-fledged ecommerce site, or you’ve been using WordPress for a while now, it was a good choice. With a mature code base, a plethora of plugins and themes, and a vibrant, helpful community, WordPress is the ideal platform to create a rich presence on the web.

For WordPress security needs, from the development workstation to the server hosting the site, there are simple steps site owners and developers can take to help ensure a site’s overall security.


How Browser Security Can Help Website Security

Modern browsers are more than programs used to peruse the web. Browsers are tools used to communicate, develop, conduct financial transactions, and interact with government agencies.

This week we will discuss browser security, and how it can impact website security. As a website is the portal to a company’s online presence and resources, a browser is the entryway into a user’s workstation computer and the data within.

Just How Important Is Browser Security?

The link between browser security and website security is not conflated. Here at SiteLock, we’ve seen many sites compromised through stolen FTP credentials, and entire company file stores lost to ransomware.

Browsers were the likely point of entry for these compromises. Every website owner and web developer is sure to use a browser, most likely multiple browsers, to access website hosting or site files and credentials. Again, the browser is the portal from the open web to the workstation. Below, we’ll cover the steps necessary to better secure this entry point.

 


Why Was My Website Hacked?

When talking with customers whose websites have been hacked, our support teams often hear the question, ‘Why was my website hacked?’ Getting hacked is a violation. It is a violation of a company’s web properties, or the personal violation of someone’s small business or specialty site. Having the hard work of web development undone, even temporarily, is a difficult experience and SiteLock strives to restore that work as quickly as possible. Our teams are dedicated to this.

Most Website Hacks Are NOT Personal

This week we’re here to reassure readers that the majority of compromises are not targeted attacks. We will discuss how and why bad actors attack sites, and how to avoid becoming another line in an attacker’s text file of owned sites.

 

Websites are fish in the sea of the Internet and get caught up in the scanning nets of malicious actors.


JavaScript Malware Injected Into WordPress Themes

The SiteLock support teams are always encountering new types of malware. This week we’ll discuss a recent infection of WordPress theme files, header files specifically, brought to our attention by SiteLock’s Security Concierge, or SECCON, Team.

Where Was This New Malware Discovered?

SECCON notified the research team of what seemed to be a new JavaScript infection found in WordPress theme header.php files, like wp-content/themes/twentyfifteen/header.php. The infection consists of two lines of identical JavaScript injected into the header file, targeting the closing tag.

 


Changing Timestamps To Disguise Malware

This week we look at file timestamps, what they are, what they mean, and how bad actors can use them to their advantage when compromising sites. Timestamps can be a good clue as to what happened if a site was compromised. But are timestamps foolproof? Let’s find out what they are and see.


An Overview of SiteLock’s Security Research Efforts

As SiteLock continues to innovate and push the boundaries of web site protection, we’ve invested in and grown our security research team to provide new capabilities and content for customers and the security community at large.

This week, we will discuss what the SiteLock Research Team is, the team’s mission, and provide an overview of the team’s emerging efforts, as well as where to find and how to interact with the team.
