The SiteLock SECCON Team recently detected suspicious code in a WordPress Social Media Tab plugin file. In this article we will discuss the malicious plugin and its payload, and detail what steps should be taken to remove and avoid using malicious plugins.
That’s right! We’re headed south for WordCamp Miami, February 20 & 21, 2016 at Florida International University. We’ll be there with lots of super swag and can’t wait to meet all the Miami WordPressers. Tickets on sale now! For more information, visit 2016.miami.wordcamp.org, @wordcampmiami and #wcmia.
You may think your WordPress website doesn’t have anything worth being hacked for, but websites are compromised every day. And although security is rarely top-of-mind when you are working away on your WordPress blog, e-commerce site or client websites, the fact is, if your website isn’t secure, you have a 1-in-3 chance of being hacked at some point. Don’t believe it? Check out this mesmerizing attack map that shows hacking in real-time. Be aware, this map reveals only the tip of the iceberg—penetration attempts against a subset of “honeypot” traps. The actual number of attacks at any given moment is significantly greater.
What is ransomware and how does it work?
Ransomware is malicious software that infects a computer and restricts the computer’s use until the victim pays a ransom to restore functionality. A ransomware compromise begins with a vulnerable computer or a computer with vulnerable third-party software. A user on the vulnerable machine clicks a link in a malicious email or visits a malicious website, for example, which allows the ransomware to exploit a vulnerability and gain complete control of the machine.
We spent months planning and anticipating our first WordCamp. And not just any WordCamp, but WordCamp U.S. 2015 in Philadelphia, PA—the country’s largest WordCamp of the year. We wanted to make a good first impression. What would WordPressers think of us? Would they like us? Really, really like us? Well, we are super excited to report that not only did WordCamp U.S. 2015 knock our socks off in size and overall happiness but WordPressers—a shout out to you, one of the greatest groups of people we’ve ever met!
Announcing the new SiteLock® Plugin for WordPress!
For the over one million SiteLock customers on WordPress, managing website security services has never been easier. Users can access their SiteLock Dashboard from within WordPress, allowing you to focus on what’s most important—your business, your passion, your word.
Download today at wordpress.org/plugins/sitelock.
The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.
The team has been working on putting together a new vulnerability research process. During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. Developed by SliderVilla.com, it displays customer testimonials in a responsive slider and has over 10,000 installs. We chose Testimonial Slider for no other reason than it was a slider plugin after the recent Revolution Slider exploit.
What Does Testimonial Slider Do?
Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.
With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.
PCI compliance is required by all the major credit card companies, and if your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and, worst case, an increased risk of cardholder data exposure.