security

How to sniff WordPress login credentials with Wireshark over an HTTP connection

Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, …

How to sniff WordPress login credentials with Wireshark over an HTTP connection Read More »

The Optionsbleed Apache Vulnerability and WordPress

During the weekend our CTO Jonas Lejon has been doing some research into the most recent Apache vulnerability named Optionsbleed. The Optionsbleed vulnerability is a bug in the Apache webserver and makes it possible for an attacker to read remote webserver memory such as session cookies, password etc. The Apache is a very common webserver …

The Optionsbleed Apache Vulnerability and WordPress Read More »

XSS in popular WooCommerce Product Vendors plugin

  The popular WooCommerce WordPress plugin, used by 28 percent of all online stores, was just patched against a reflected cross-site scripting vulnerability (XSS). The vulnerability was found by the company SiteLock. The plugin vulnerability was disclosed to Automattic, the owner of, via its HackerOne security bounty program. The fix for the vulnerability was released on July …

XSS in popular WooCommerce Product Vendors plugin Read More »

Using OSSEC to monitor directory and file changes in WordPress

OSSEC is an open source host-based intrusion detection system (HIDS) that can be used to monitor file system changes on an operating system. In this article, you’ll learn how to use it to monitor directory and file system changes on WordPress installations. OSSEC in a manager-agent HIDS, where the manager and agent can be installed …

Using OSSEC to monitor directory and file changes in WordPress Read More »