Since a few weeks we offer an API so you can get notified about new found vulnerabilities on your WordPress website. The first part of our API are outgoing JSON webhooks. Using webhooks you can integrate against other third party services like Slack and Zapier. The hooks is formatted as JSON, example: { “email”: “[email protected]”, …
Effective from 2019-05-01 our new name will be WPSec. The new name is short and reduces confusion with other projects. The new logo can be found below:
WordPress 5.0.1 is now available and it is a security release for all versions since WordPress 3.7. We strongly encourage you to update all your sites immediately. Plugin authors are also encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. Since some of the vulnerabilities covered in 5.0.1 might affect plugins. WordPress versions 5.0 and earlier are …
WordPress 4.9.2 is now available for download. This release is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your sites immediately. We also recommend using WPScans.com to scan your WordPress installation. This release contains a critical security fix for a XSS security bug in the Media Elements library …
WPSec can now detect at least three different backdoored WordPress plugins. The plugins are: Duplicate Page and Post 2.1.0-2.1.1 No Follow All External Links 2.1.0-2.3.0 WP No External Links 4.2.1-4.3 We recommend that you run the free scan available at www.wpsec.com
Nmap is one our favorite tool when it comes to security testing (except for WPSec.com). Nmap was created in 1997 by Gordon Lyon aka Fyodor. The current version 7.60 contains about 580 different NSE-scripts (Nmap Scripting Engine) used for different security checks or information gathering and about six of them are related to WordPress. Our first test is to just …
Falco, or Sysdig Falco, is a behavior activity monitoring tool for keeping track of what’s going on on your servers in real time. It works similarly to tools like OSSEC, but only detects and alerts, lacking the means to take any action, like block offensive traffic. It’s a kernelspace tool which works by loading a …
How to detect WordPress backdoors with Sysdig Falco Read More »
👉 Run a free WordPress Security Scan at WPScans.com > WordPress 4.8.2 is now available for download at WordPress.org. This is a security release for all previous versions and WPScans strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to …
This is our new logo for the WPScans.com WordPress Security Scanner. The logo was created by the talented Makmoer at 99designs.com, you see some of his work here.
WPScans.com was recently sold on Flippa.com and I would like to introduce myself as the new owner. My name is Jonas Lejon and i’ve been working with Cyber Security since 17 years. The last 7 years I have also been working with WordPress Security. In the past i’ve built several security related web services such …