WordPress Vulnerability Roundup: January 2021, Part 1
New WordPress plugin and theme vulnerabilities were disclosed during the first half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The...WordPress Security Updates: December 2020
This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […] Source: Security FeedWebsite Security in The New Year 2021 – Are You A Cat Herder?
Jim Walker Free Consultation by Phone We Fix Hacked Websites Fast (619) 479-6637. As we all head into the new year, if you implement the below strategies you’ll greatly reduce the likelihood your account will be compromised in 2021. 1. Segregation* 2. Monitoring...
Obfuscation Techniques in Ransomweb “Ransomware”
As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for a business’ data, revenue, and ultimately reputation. The worst part about...
Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin
On November 19, 2020, our Threat Intelligence team responsibly disclosed two vulnerabilities in Orbit Fox by ThemeIsle, a WordPress plugin used by over 400,000 sites. One of these flaws made it possible for attackers with contributor level access or above to escalate...
Admin Notices Manager 1.1: choose which admin notices you see & which not
We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress...
Evaluating Cookies to Hide Backdoors
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect. For example, an...
Interview with Ryan Dewhurst, founder of WPScan
Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black...