security Archives - Page 2 of 2

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)?

The average cost of a data breach in the US is a staggering $3.86 million. Avoiding that kind of financial blow means staying on top of your security. With supply chain attacks emerging as a particularly dangerous threat to WordPress sites, preventing them should be a top priority. Fortunately, you can take proactive steps to […]

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)? Read More »

WordPress 5.2.4 Security Release

Leave a Comment / security / Jonas Lejon

WordPress 5.2.4 is now available, it’s a short-cycle security release. The next major release will be version 5.3. This security release fixes six security issues. WordPress versions 5.2.3 and earlier are affected by these security bugs, which are fixed in version 5.2.4. There are also security updates to WordPress 5.1 and earlier. List of Security

WordPress 5.2.4 Security Release Read More »

17 Actionable WordPress Security Practices

5 Comments / security / Jonas Lejon

Of over 24,466 infected websites, a recent security analysis shows that 90% of them were using WordPress. That’s huge right? Another security report proves that 41% of infected WordPress sites were hacked through a security vulnerability on their host, 51% were hacked via a vulnerability in the WordPress themes and plugins they were using and

17 Actionable WordPress Security Practices Read More »

What is xmlrpc.php file and why you should care about it

1 Comment / security / Jonas Lejon

What is XML-RPC? According to Wikipedia, XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. WordPress utilizes this XML-RPC that is used to exchange information between computer systems over a network. In short, it is a system that allows you to post on your WordPress blog using popular weblog clients like Windows Live

What is xmlrpc.php file and why you should care about it Read More »

How to sniff WordPress login credentials with Wireshark over an HTTP connection

Leave a Comment / security / Jonas Lejon

Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3,

How to sniff WordPress login credentials with Wireshark over an HTTP connection Read More »

The Optionsbleed Apache Vulnerability and WordPress

1 Comment / security / Jonas Lejon

During the weekend our CTO Jonas Lejon has been doing some research into the most recent Apache vulnerability named Optionsbleed. The Optionsbleed vulnerability is a bug in the Apache webserver and makes it possible for an attacker to read remote webserver memory such as session cookies, password etc. The Apache is a very common webserver

The Optionsbleed Apache Vulnerability and WordPress Read More »

XSS in popular WooCommerce Product Vendors plugin

2 Comments / security / Jonas Lejon

The popular WooCommerce WordPress plugin, used by 28 percent of all online stores, was just patched against a reflected cross-site scripting vulnerability (XSS). The vulnerability was found by the company SiteLock. The plugin vulnerability was disclosed to Automattic, the owner of, via its HackerOne security bounty program. The fix for the vulnerability was released on July

Using OSSEC to monitor directory and file changes in WordPress

4 Comments / security / Jonas Lejon

OSSEC is an open source host-based intrusion detection system (HIDS) that can be used to monitor file system changes on an operating system. In this article, you’ll learn how to use it to monitor directory and file system changes on WordPress installations. OSSEC in a manager-agent HIDS, where the manager and agent can be installed

Using OSSEC to monitor directory and file changes in WordPress Read More »