Month: January 2017

SiteLock WordPress Plugin Tutorial

A Beginner’s Guide to the SiteLock Plugin for WordPress

By Adam Warner

From malware and vulnerability scans to real-time security updates, the SiteLock WordPress Plugin provides complete website security management without ever having to leave WordPress. In December 2017, the SiteLock WordPress Plugin was updated to v4.0.4. For those of you already using the plugin, you can update your version within your WordPress Dashboard. For newbies, you can download and install the plugin here.

Tags:   CDN, malware scanner, plugin, Web Application Firewall
Categories:  Website Security

Ask a Security Professional: DDoS Attacks — Part Four: Volumetric Attacks

By Logan Kipp

So far in this #AskSecPro DDoS series we’ve covered both Application Layer DDoS Attacks and Protocol-Based DDoS Attacks. We’ve also identified the differences between a DoS and a DDoS attack. In this final segment of the DDoS series, we’ll discuss the third category of DDoS attacks, Volumetric Attacks, also known as Volume-Based Attacks.

Tags:   #AskSecPro, amplified, botnets, ddos, ntp, reflective, volume-based, volumetric
Categories:  Ask a Security Pro, Website Security, WordPress, WordPress security

Ask a Security Professional: DDoS Attacks — Part Three: Protocol-Based Attacks

By Logan Kipp

Continuing our #AskSecPro DDoS series where we last discussed Application Layer Attacks, today we’ll focus on some of the most popular protocol-based DDoS attacks we’ve seen hit our customers’ web application firewall, SiteLock TrueShield™, over the years. TrueShield™ is SiteLock’s distributed cloud-based web application firewall (WAF) with the capability of defending against attacks across layers 3, 4, and 7.

Tags:   #AskSecPro, ddos, icmp, OSI Model, ping of death, protocol, smurf, syn flood, trueshield, WAF
Categories:  Ask a Security Pro, Website Security, WordPress, WordPress security

Ask a Security Professional: DDoS Attacks — Part Two: Application Layer Attacks

By Logan Kipp

In our last #AskSecPro article we discussed the differences between a DoS and a DDoS attack. Now that we understand what a DDoS attack is in concept, let’s learn a little more about the mechanisms involved in these attacks. In Part Two of the DDoS Attacks series we’ll focus on some of the attack vectors utilized by adversaries when launching a denial of service attack.

Tags:   #AskSecPro, application layer, ddos, mirai, PhantomJS, post flood, trueshield, WAF, xmlrpc
Categories:  Ask a Security Pro, Website Security, WordPress, WordPress security

Case Study: The Blogging 911

By Ashley Baldwin

Company Background

Rena McDaniel is a self-proclaimed WordPress aficionado and a technology buff. She is also a successful WordPress designer, mother, wife, and grandmother.

Five years ago, McDaniel’s life changed when she was in a serious car accident. Unfortunately, the accident resulted in her becoming physically disabled. After a year of rehabilitation, her husband accepted a new job in South Carolina. They sold everything and made the move. Motivated by the change and inspired by her new environment, McDaniel channeled her energy into her personal passion, WordPress. Her blog quickly grew beyond the simple joy of writing, and developed into a natural curiosity for WordPress design. With continued focus on her passion, McDaniel soon mastered her craft and her friends and family began to take notice. With their encouragement she decided to found TheBlogging911.com.

Tags:   case study, malware, malware removal, SMART, Web Application Firewall, WordPress, WordPress Security
Categories:  SiteLock Reviews, WordPress, WordPress security

Ask a Security Professional: DDoS Attacks — Part One: DoS vs DDoS

By Logan Kipp

There’s a lot of buzz going around in many online communities concerning the recent distributed denial of service (DDoS) attacks the world has witnessed. In many of my own circles I’m often the only security guy in the room so I end up fielding a lot of questions, the most common of which is, “how do they do this stuff?!” In this District #AskSecPro series, I’ll be explaining the anatomy of D/DoS attacks and the practical weaponization of regular computers.

Tags:   #AskSecPro, anonymous, ddos, dos, high orbit ion cannon, low orbit ion cannon, WordPress, WordPress Security
Categories:  Ask a Security Pro, Website Security, WordPress, WordPress security

Ask A Security Professional: Understanding Unvalidated Redirects and Forwards

By SiteLock

There are times when a website may want to send a visitor to another page either immediately or after a specified amount of time (usually seconds). As an example, consider an outdated page that you believe your visitors have bookmarked: you don’t want to lose the traffic, so you just automatically redirect them to another page. While less common today, these redirects and forwards do still exist, but if not set up properly, they could pose an outside risk to your online presence.

What Is An Unvalidated Redirect/Forward?

While there are many ways to create a redirect or forward, the exploit in this case boils down to the destination URL being included in the address bar for the source page. When the redirect or forward is activated, the application will read the destination URL from the address bar and forward a user to that address. Consider this example source URL:

http://www.vulnerablesite.com/aboutUs.php?redirect=http://www.vulnerablesite.com

We can see here that the “About Us” page is being redirected back to the home page. The problem with this is that anyone could take that full URL, insert their own redirect destination address, and then send it to a site’s users. From there, depending on that source page, users could be tricked into thinking they are still on the source site. These unvalidated redirects/forwards could ultimately lead to a phishing scam in which users are fooled into giving up sensitive information about themselves.

Tags:   #AskSecPro, Ask a Security Professional, Redirects, Web Application Firewall
Categories:  Ask a Security Pro, Website Security, WordPress security

Season of Giving – SiteLock Digital Kids Fund 2016 Recap

By Tracy Ferrick

In 2015, the SiteLock Digital Kids Fund was established to help local schools fund technology-based projects. We chose to partner with DonorsChoose.org, an organization that makes it easy for anyone to help a classroom in need, because of the shared passion in our mission. Our initiative targeted schools in need of technology for STEM-related projects and day-to-day classwork within the Phoenix, Arizona and Jacksonville, Florida areas. In total, we provided $50,000 in technology grants throughout the month of December 2016. 

Tags:   Charity, DonorsChoose, Give Back, SiteLock Gives Back, STEM, Tech education, Technology education
Categories:  Giving Back, WordPress