You may think your WordPress website doesn’t have anything worth hacking, but websites are compromised every day. And although security is rarely top-of-mind when you are working away on your WordPress blog, e-commerce site or client websites, the fact is, if your website isn’t secure, you have a 1-in-3 chance of being hacked at some point. Don’t believe it? Check out this mesmerizing attack map that shows hacking in real time. Be aware, this map reveals only the tip of the iceberg: penetration attempts against a subset of “honeypot” traps. The actual number of attacks at any given moment is significantly greater.
The SiteLock SMART malware scanner detected three particular files as suspicious. Inspection of the files by the SiteLock Research Team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.
We will detail the malware contained in the malicious plugin, reveal the relationships between the malicious plugin and other sites, and finally discuss mitigation for sites using the plugin and how to avoid such situations.
Ransomware is malicious software that infects a computer and restricts the computer’s use until the victim pays a ransom to restore functionality. A ransomware compromise begins with a vulnerable computer or a computer running vulnerable third-party software. A user on the vulnerable machine clicks a link in a malicious email or visits a malicious website, for example, which allows the ransomware to exploit a vulnerability and gain complete control of the machine.
We spent months planning and anticipating our first WordCamp. And not just any WordCamp, but WordCamp U.S. 2015 in Philadelphia, PA—the country’s largest WordCamp of the year. We wanted to make a good first impression. What would WordPressers think of us? Would they like us? Really, really like us? Well, we are super excited to report that not only did WordCamp U.S. 2015 knock our socks off in size and overall happiness, but WordPressers (a shout out to you) are one of the greatest groups of people we’ve ever met!
Announcing the new SiteLock® Plugin for WordPress!
For the over one million SiteLock customers on WordPress, managing website security services has never been easier. Users can access their SiteLock Dashboard from within WordPress, allowing you to focus on what’s most important—your business, your passion, your word.
Download today at wordpress.org/plugins/sitelock.
The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.
The team has been working on putting together a new vulnerability research process. During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. Developed by SliderVilla.com, it displays customer testimonials in a responsive slider and has over 10,000 installs. We chose Testimonial Slider for no other reason than that it was a slider plugin, and we were looking at sliders after the recent Revolution Slider exploit.
Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.
With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.
PCI compliance is required by all the major credit card companies. If your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and, worst case, an increased risk of cardholder data exposure.
© Copyright 2018, SiteLock LLC.