Page 25 of 62

Ask a Security Professional: WordPress Database Security Part One — Anatomy of WordPress

For most people the year is still just getting started, but for some website owners the year has already packed quite a punch in the form of website attacks. This month hackers exploiting a vulnerability in the WordPress REST API successfully defaced over a million websites in what has become one of the largest website defacement campaigns to date. The attacks injected content that overwrote existing posts on WordPress websites running versions 4.7 and 4.7.1, leaving website owners with an immeasurable number of “Hacked by” posts across the droves of impacted websites.

Many website owners who have unfortunately found themselves in the proverbial trenches of a digital battlefront, some of whom had at least some security measures, are facing a difficult data recovery situation. It is from these recent events that the next Ask a Security Professional question was crafted: How can I better protect my data?

I feel that it’s important to fully understand what the problem is in order to best understand what forms a solution can take. In Part One of #AskSecPro we’ll cover an introduction to some of the infrastructure behind WordPress. Let’s start at the beginning.


LoopConf 2017: Advancing WordPress Development and Community

We’ve just returned from LoopConf, a WordPress developer-focused event that SiteLock was lucky enough to sponsor. It was an amazing three days, packed with informative sessions around open source software and leading-edge technologies – everything the WordPress community loves, all in one place! As usual, I’ve provided a summary of just some of the awesome sessions I attended while at the conference.


SiteLock INFINITY for the 2017 Cybersecurity Excellence Awards

We’re excited to announce that SiteLock INFINITY was recently recognized as a finalist in the Cybersecurity Excellence Awards in the Anti-Malware category! The Cybersecurity Excellence Awards recognize companies, products and individuals that demonstrate excellence, innovation and leadership in information security.


Defacement Trend via REST API Exploit


This article was co-authored by Security Researcher Wyatt Morgan from SiteLock Research.


SiteLock Research has identified a trend of defacements impacting thousands of WordPress websites. This trend of defacements appears to be exploiting a vulnerability in the WordPress REST API present in versions 4.7 and 4.7.1. The attack overwrites existing WordPress posts with a defacement, of which there are already many variations, with hackers even overwriting each other’s defacements in many cases. Customers using the SiteLock TrueShield™ Web Application Firewall (WAF) are protected against this exploit.

Trend characteristics:

  • This attack vector impacts WordPress sites running versions 4.7 and 4.7.1 with the REST API enabled.
  • The attackers are sending the defacement payload over the REST API to modify and deface existing posts.
  • Post keywords are being modified in many cases, possibly for blackhat SEO purposes.
  • We’ve identified at least six different defacement campaigns through this vector.

Examples (hackers’ handles redacted):

[Screenshots of defaced WordPress posts showing “Hacked by” titles]

This attack targets existing posts in WordPress, which means that a successful attack is overwriting data inside the WordPress database and data may only be recoverable via backup. If you have been impacted by this attack, your best course of action is to follow these steps:

1. Perform a file and database backup of the impacted website and save it to a secure location. This will ensure your data is safe if any critical failures occur in the following steps.
2. Update WordPress to the latest version, version 4.7.2.
3. Log in to /wp-admin/ and verify which posts have been impacted by the defacement by looking in the title and body of the post for content that you did not put there. From the “edit post” menu, for each impacted post, check the revision history of the post to see if the original content is intact in a previous revision. If a previous revision is available, restore the post to that revision. Be sure to also check if the permalink for the post has been modified.

In many cases, following the above steps will remove the defacement and no further action is required. If you were not able to recover all of your post content, please continue with the following steps.

4. Locate your most recent database backup from before the attack and restore it to the production database.
5. Log in to /wp-admin/ to check if any database clean-up is required to synchronize to the current WordPress version on the production site.
6. If WordPress indicates database changes are needed, allow it to run through the changes.

7. Audit your website for any incompatibility with the new WordPress version you’ve installed. Issues with updating are most commonly evident in the look and feel of the website.
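On sites with many posts, the check in step 3 can be run against the database backup taken in step 1 rather than by hand. The following is an added example, not SiteLock's own tooling: it assumes the default `wp_posts` table name, matches on the “Hacked by” text shown in the examples above, and uses constructed sample rows in an in-memory SQLite database so that it runs offline.

```python
import sqlite3

MARKER = "hacked by"  # defacement text seen in the examples on this page

# Uses only standard wp_posts columns, so the query can be adapted to MySQL.
TRIAGE_SQL = """
SELECT p.ID, p.post_title, p.post_name,
       (SELECT r.ID FROM wp_posts r
         WHERE r.post_parent = p.ID AND r.post_type = 'revision'
           AND LOWER(r.post_title)   NOT LIKE :pat
           AND LOWER(r.post_content) NOT LIKE :pat
         ORDER BY r.post_modified DESC, r.ID DESC LIMIT 1) AS clean_revision_id
  FROM wp_posts p
 WHERE p.post_type IN ('post', 'page') AND p.post_status = 'publish'
   AND (LOWER(p.post_title) LIKE :pat OR LOWER(p.post_content) LIKE :pat)
 ORDER BY p.ID
"""

def triage(conn, marker=MARKER):
    """Return [(post_id, title, slug, clean_revision_id or None), ...]."""
    return conn.execute(TRIAGE_SQL, {"pat": f"%{marker.lower()}%"}).fetchall()

def build_sample_db():
    """Constructed sample rows mirroring the wp_posts columns used above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT,
        post_content TEXT, post_name TEXT, post_type TEXT, post_status TEXT,
        post_parent INTEGER, post_modified TEXT)""")
    d = "Hacked by [redacted]"
    rows = [
        (1, d, d, "hacked-by", "post", "publish", 0, "2017-02-06 10:00:00"),
        (2, "Spring menu", "Our new menu", "1-revision-v1", "revision", "inherit", 1, "2017-01-10 09:00:00"),
        (3, d, d, "1-revision-v1", "revision", "inherit", 1, "2017-02-06 10:00:00"),
        (4, "HaCkEd By [redacted]", "gone", "about", "page", "publish", 0, "2017-02-06 11:00:00"),
        (5, "Opening hours", "Mon-Fri 9-5", "hours", "post", "publish", 0, "2017-01-02 08:00:00"),
    ]
    conn.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

if __name__ == "__main__":
    for post_id, title, slug, rev in triage(build_sample_db()):
        action = f"restore revision {rev}" if rev else "no clean revision, restore from backup"
        print(f"post {post_id} (slug {slug!r}): {action}")
```

A post with no clean revision is a candidate for the backup restore in step 4, and the slug column shows whether the permalink was changed along with the content.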

We advise reaching out to your hosting provider as they may have a backup of your website stored on file. Additionally, if you have any questions or concerns about this email, please contact us at 877.563.2832 or email support@sitelock.com.

Please check this article regularly for updates as more information becomes available.


How SiteLock Found its Niche in the World of Cybersecurity

When SiteLock President, Neill Feather, founded SiteLock in 2008, there were many website security options available to large enterprises. However, for small and medium-sized (SMB) businesses, finding a comprehensive and affordable website security solution was nearly unheard of. Fast-forward nine years, and SiteLock now secures over 12 million websites worldwide, many of which belong to small business owners.

In a recent B2B Growth Podcast: How Finding Your Niche Can Accelerate Growth, Feather explains how SiteLock found its niche by creating a website security solution tailored to small businesses and enterprises alike. He also shares key insights into how strategic partnerships and thought leadership have been the driving forces behind SiteLock’s continued growth.


Critical WordPress REST API Vulnerability

This article was co-authored by Security Researchers Gregory Bloom and Wyatt Morgan from SiteLock Research.

As you may have heard by now, WordPress 4.7.2 has arrived! This emergency patch was released by the diligent WordPress contributors following the discovery of a rather nasty vulnerability in the new WordPress REST API functionality. The vulnerability discovered allowed for unauthenticated privilege escalation, which in layman’s terms means it’s potentially harmful as it could allow an adversary to gain unauthorized administrator privileges to any post on most WordPress websites running versions 4.7 or 4.7.1.


A Beginner’s Guide to the SiteLock Plugin for WordPress

From malware and vulnerability scans to real-time security updates, the SiteLock WordPress Plugin provides complete website security management without ever having to leave WordPress. In December 2017, the SiteLock WordPress Plugin was updated to v4.0.4. For those of you already using the plugin, you can update your version within your WordPress Dashboard. For newbies, you can download and install the plugin here.

Read the WP Buffs review about SiteLock.


Ask a Security Professional: DDoS Attacks — Part Four: Volumetric Attacks

So far in this #AskSecPro DDoS series we’ve covered both Application Layer DDoS Attacks and Protocol-Based DDoS Attacks. We’ve also identified the differences between a DoS and a DDoS attack. In this final segment of the DDoS series, we’ll discuss the third category of DDoS attacks, Volumetric Attacks, also known as Volume-Based Attacks.


Ask a Security Professional: DDoS Attacks — Part Three: Protocol-Based Attacks

Continuing our #AskSecPro DDoS series where we last discussed Application Layer Attacks, today we’ll focus on some of the most popular protocol-based DDoS attacks we’ve seen hit our customers’ web application firewall, SiteLock TrueShield™, over the years. TrueShield™ is SiteLock’s distributed cloud-based web application firewall (WAF) with the capability of defending against attacks across layers 3, 4, and 7.


Ask a Security Professional: DDoS Attacks — Part Two: Application Layer Attacks

In our last #AskSecPro article we discussed the differences between a DoS and a DDoS attack. Now that we understand what a DDoS attack is in concept, let’s learn a little more about the mechanisms involved in these attacks. In Part Two of the DDoS Attacks series we’ll focus on some of the attack vectors utilized by adversaries when launching a denial of service attack.
