WordPress
WordPress kept users and hackers in the dark while secretly fixing critical zero-day
Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier. What the WordPress …
WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two …
Spammers modify sites’ core WordPress files for long-lasting compromise
In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying …
Slew of WP-based business sites compromised to lead to ransomware
If an approach works well, there is no reason to change tack, and the masters of the SoakSoak botnet are obviously of the same belief. A year and a half after they have been …
The gravest dangers for CMS-based websites
Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. This makes the life of …
Million-plus sites hosted on WordPress.com get free SSL
Friday brought some very good news for existing and future owners of sites hosted on WordPress.com: they will be getting HTTPS protection without having to pay for an SSL …
Panama Papers breach was the result of lax security practices?
News items based on the so-called “Panama Papers,” a set of 11.5 million documents leaked from the networks of Panama-based law firm Mossack Fonseca, keep popping …
Black hat SEO campaign targets WordPress and Joomla installations
Avast is warning about a longstanding black hat SEO campaign involving sites running hacked WordPress and Joomla installations. In this latest campaign, the attackers inject a …
Popular WordPress plugin opens backdoor, steals user credentials
If you are one of the 10,000+ users of the Custom Content Type Manager (CCTM) WordPress plugin, consider your site to be compromised and proceed to clean your installation up, …
Is your WordPress site being misused for DDoS attacks?
Many WordPress websites are still being misused to perform layer 7 DDoS attacks against target servers, even though preventing them from participating in these attacks is as …
Loanbase hacked via WordPress hole, funds stolen
Popular international Bitcoin crowd-lending platform Loanbase has suffered a security breach, and is currently offline. The breach was discovered on Saturday and made public …
SQL injection has surfaced as the no. 1 attack in 2015
A new survey from Ponemon Institute finds that nearly 80 percent of enterprises say that their organization’s portfolio of applications has become more vulnerable to …