Web servers are unique in network environments because they are exposed to the internet and serve web traffic to potentially unknown users. Furthermore, web servers often run dynamic applications like WordPress websites or act as proxies for internal applications. Thus, it is not surprising that they are desirable targets for attackers. Hardening a system involves […]
Hardening the web server of your WordPress website Read More »
WordPress is constantly being improved in order to provide a smoother, speedier, and more secure solution to users. Trying to keep up with every new update, such as the recent WordPress 5.9 “Joséphine” performance improvements, can feel a little overwhelming. However, the latest release comes with a handful of noteworthy features. The update includes both
WordPress 5.9 Performance Improvements Read More »
The latest major releases of PHP have bought massive changes to the programming language. Starting from PHP 7, we’ve seen significant performance improvements. Some benchmarks even point to versions 7-8 being twice as fast as their predecessors. However, most of the websites that use PHP are still stuck with old versions of the language. Upgrading
98.7 Percent of the Web Is Using Outdated Versions of PHP Read More »
Forcing WordPress to load over HTTPS usually requires a bit of work. Most either use a plugin to simplify the task or add redirects to their .htaccess files. Unfortunately, both processes can be risky if you’re not careful. Considering how important HTTPS is for improving security and Search Engine Optimization (SEO), it’s clear that implementation
What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration Read More »
Update: Due to some problems with the 5.5.2-release 5.5.3 was quickly released. WordPress 5.5.2 has been released and it contains ten security issues affecting WordPress version 5.5.1 and earlier. If you haven’t yet updated to 5.5, all previous WordPress versions since 3.7 have also been updated to fix the following security issues: Alex Concha of
WordPress 5.5.2 Security Release Read More »
WordPress is a huge platform that powers a large number of websites. This service makes it easy for both programmers and non-programmers to develop different websites. With WordPress, there are different kinds of themes, plugins and more. However, since most of these things are created by third-party developers, there are chances that there will be
WordPress plugin WP File Manager actively exploited Read More »
When it comes to WordPress, keeping your theme, plugins, and WordPress core is one of the most important tasks you have as a website owner. However, most website owners are often guilty of not applying updates and running with outdated versions of their themes and plugins. Needless to say, this leaves your website vulnerable to
WordPress to add auto-update feature for themes and plugins Read More »
When it comes to content management systems such as WordPress, hackers will often exploit file upload mechanisms to distribute malicious files which can be used to execute malicious code on a website, infect other websites, and allow hackers to gain full control over a server where your website is hosted. In an effort to prevent
Dozens of File Upload Vulnerabilities Found in Web Apps Read More »
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2020-9334, exists in a popular WordPress plugin called Envira Photo Gallery, rendering over 100,000 websites vulnerable to phishing attacks, stealing administrator’s session tokens, etc. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Envira
CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress Read More »
WPSec.com, Our WordPress Vulnerability Security Scanner has been updated with new functionality and reliability changes. Detect WAF – If there is a scanning problem such as a timeout, we will try to detect if there is a Web Application Firewall (WAF) blocking us. And if there is we will notify you via E-mail or on
WordPress Security Scanner reliability updates Read More »