Unencrypted cookies leave WordPress accounts exposed to hijacking on insecure networks, even if the two-factor authentication is enabled. WordPress administrators must be aware that it is quite easy for hackers to hijack their web site if they login from the same WI-Fi connection (e.g. From a public place) even if it is protected by two-factor authentication, . […]
More than 12,000 phishing sites analyzed by Netcraft are hosted on compromised WordPress installations, the websites were used also to serve malicious code. Netcraft internet services company published a statistic which shows that nearly 12,000 WordPress instances were compromised in February, the attackers used the popular CMS to conduct phishing campaigns against targeted family of users, […]
Sucuri firm detected a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. The security community is threatened by a new botnet composed at least 162,000 WordPress-powered websites abused to run DDoS attacks. The technique of attack allows to flood a target with requests sent by WordPress servers that received a […]
Thousands of WordPress based websites have been hacked to compose a global scale botnet that is performing powerful DDOS attacks. I start the post with recommendations, if you are a blogger using WordPress don’t waste time and update it and all installed plugins to the latest versions! Have you done it? OK, now I can explain you what it is […]
Checkmarxâs report analyzed the security of the top 50 most popular plugins (in general), as well as the top 10 most popular ecommerce plugins. Today we published our report âThe Security State of WordPressâ Top 50 Pluginsâ (no reg required). This report presents Checkmarxâs research which analyzed the security of the top 50 most popular plugins […]
Any owner of WordPress site is shaking causes of the threat that someone could steal its credentials, everybody would do well to ask themselves if their passwords are really strong and to make sure to donât use as username the word âadmin.â The reports published by CloudFlare and HostGator revealed a massive attack being launched against WordPress blogs […]