Month: December 2015

Is Your WordPress Website Secure? Take the Quiz!

By Ashley Baldwin

You may think your WordPress website doesn’t have anything worth being hacked for, but websites are compromised every day. And although security is rarely top-of-mind when you are working away on your WordPress blog, e-commerce site or client websites, the fact is, if your website isn’t secure, you have a 1-in-3 chance of being hacked at some point. Don’t believe it? Check out this mesmerizing attack map that shows hacking in real time. Be aware, this map reveals only the tip of the iceberg—penetration attempts against a subset of “honeypot” traps. The actual number of attacks at any given moment is significantly greater.

Tags:   quiz
Categories:  WordPress security

May your holidays be merry and bright. Peace. Love. WordPress.

By Ashley Baldwin
Categories:  WordPress security

Adsense High CPC Malicious WordPress Plugin in the Wild

By Weston Henry

The SiteLock SMART malware scanner detected three particular files as suspicious. Inspection of the files by the SiteLock Research Team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.

We will detail the malware contained in the malicious plugin, reveal the relationships between the malicious plugin and other sites, and finally discuss mitigation for sites using the plugin and how to avoid such situations.

Tags:   AdSense, malicious WordPress plugin
Categories:  WordPress security

Don’t Be Held For Ransom By Ransomware

By Weston Henry

What is ransomware and how does it work?

Ransomware is malicious software that infects a computer and restricts the computer’s use until the victim pays a ransom to restore functionality. A ransomware compromise begins with a vulnerable computer or a computer with vulnerable third-party software. A user on the vulnerable machine clicks a link in a malicious email or visits a malicious website, for example, which allows the ransomware to exploit a vulnerability and gain complete control of the machine.

Tags:   ransomware
Categories:  WordPress security

WordCamp U.S. 2015 – We Came. We Saw. We Can’t Wait to Do it Again!

By Tracy Ferrick

We spent months planning and anticipating our first WordCamp. And not just any WordCamp, but WordCamp U.S. 2015 in Philadelphia, PA—the country’s largest WordCamp of the year. We wanted to make a good first impression. What would WordPressers think of us? Would they like us? Really, really like us? Well, we are super excited to report that not only did WordCamp U.S. 2015 knock our socks off in size and overall happiness but WordPressers—a shout out to you, one of the greatest groups of people we’ve ever met!

Tags:   recap, sitelock events, WordCamp U.S.
Categories:  WordCamp

WordPress Security Just Got Easier

By Tracy Ferrick

Announcing the new SiteLock® Plugin for WordPress!

For the over one million SiteLock customers on WordPress, managing website security services has never been easier. Users can access their SiteLock Dashboard from within WordPress, allowing you to focus on what’s most important—your business, your passion, your word.

Download today at wordpress.org/plugins/sitelock.

Tags:   SiteLock dashboard, SiteLock WordPress plugin
Categories:  WordPress security

SiteLock Research Team Uncovers WordPress Plugin Vulnerability

By Weston Henry

The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.

The team has been working on putting together a new vulnerability research process. During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. Developed by SliderVilla.com, it displays customer testimonials in a responsive slider and has over 10,000 installs. We chose Testimonial Slider for no other reason than it was a slider plugin after the recent Revolution Slider exploit.

What Does Testimonial Slider Do?

Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.

Tags:   reflective cross-site scripting, Testimonial slider, vulnerability, wordpress plugin vulnerability
Categories:  WordPress security

Is Your WordPress Site PCI Compliant?

By Weston Henry

With holiday shopping in full swing, WordPress websites that accept credit cards are busier than ever. Lots of business is great. Not being PCI compliant is bad.

PCI compliance is required by all the major credit card companies, and if your website is not PCI compliant, you risk penalties, lost revenue, the inability to accept credit card payments in the future and, worst case, an increased risk of cardholder data exposure.

Tags:   pci compliance, pci dss
Categories:  WordPress security