What WordPress Ransomware Is (And How to Protect Against It)

It’s no secret that security is essential to any WordPress website. Knowing all you can about possible threats may help keep your site safe. Nevertheless, staying informed about how to fight back against emerging malicious technology such as ransomware can be difficult. Fortunately, a small amount of information can go a long way. By familiarizing …

WordPress PHPMailer vulnerability analysis

On 13th May 2021, WordPress released WordPress 5.7.2, a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs via the addAttachment function with a UNC pathname. You may notice that there are two CVEs in the security …

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)?

The average cost of a data breach in the US is a staggering $3.86 million. Avoiding that kind of financial blow means staying on top of your security. With supply chain attacks emerging as a particularly dangerous threat to WordPress sites, preventing them should be a top priority. Fortunately, you can take proactive steps to …

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration

Forcing WordPress to load over HTTPS usually requires a bit of work. Most either use a plugin to simplify the task or add redirects to their .htaccess files. Unfortunately, both processes can be risky if you’re not careful. Considering how important HTTPS is for improving security and Search Engine Optimization (SEO), it’s clear that implementation …

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020-35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites, making them vulnerable to attacks like phishing, complete site take-over, data breach and credit card fraud. In this blog post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …

WordPress plugin WP File Manager actively exploited

WordPress is a huge platform that powers a large number of websites. This service makes it easy for both programmers and non-programmers to develop different websites. With WordPress, there are different kinds of themes, plugins and more. However, since most of these things are created by third-party developers, there are chances that there will be …

WordPress to add auto-update feature for themes and plugins

When it comes to WordPress, keeping your theme, plugins, and WordPress core up to date is one of the most important tasks you have as a website owner. However, most website owners are often guilty of not applying updates and running with outdated versions of their themes and plugins. Needless to say, this leaves your website vulnerable to …
