WPSec

5 Security Features We Wish Were Included in WordPress

Leave a Comment / security / By Will Morris

WordPress is one of the most popular Content Management Systems (CMSs) globally, powering more than half of websites that use CMSs we know. Unfortunately, being an incredibly convenient, user-friendly, and robust solution doesn’t automatically translate to being completely secure. With cybercrime on the rise, it’s more important than ever to take careful, proactive, and preventative …

5 Security Features We Wish Were Included in WordPress Read More »

98.7 Percent of the Web Is Using Outdated Versions of PHP

4 Comments / news / By Will Morris

The latest major releases of PHP have bought massive changes to the programming language. Starting from PHP 7, we’ve seen significant performance improvements. Some benchmarks even point to versions 7-8 being twice as fast as their predecessors. However, most of the websites that use PHP are still stuck with old versions of the language. Upgrading …

98.7 Percent of the Web Is Using Outdated Versions of PHP Read More »

WordPress and Trojan Source

Leave a Comment / Uncategorized / By Jonas Lejon

TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code for projects like Go, PHP, Python, JavaScript and many more programming languages. The vulnerability …

WordPress and Trojan Source Read More »

Protecting WordPress with Open Source Web Application Firewall ModSecurity

Leave a Comment / Uncategorized / By Jonas Lejon

In this guide you will learn how to install and protect WordPress with the Open Source Web Application Firewall (WAF) ModSecurity. We will also install the latest protection rules from the OWASP Core Rule Set (CRS). A WAF is a great addition to the Cyber Security protection for your WordPress blog or website and can …

Protecting WordPress with Open Source Web Application Firewall ModSecurity Read More »

WooCommerce Unauthenticated SQL Injection Vulnerability

2 Comments / Uncategorized / By Jonas Lejon

On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short …

WooCommerce Unauthenticated SQL Injection Vulnerability Read More »

What WordPress Ransomware Is (And How to Protect Against It)

Leave a Comment / security / By Will Morris

It’s no secret that security is essential to any WordPress website. Knowing all you can about possible threats may help keep your site safe. Nevertheless, staying informed about how to fight back against emerging malicious technology such as ransomware can be difficult. Fortunately, a small amount of information can go a long way. By familiarizing …

What WordPress Ransomware Is (And How to Protect Against It) Read More »

WordPress PHPMailer vulnerability analysis

1 Comment / Uncategorized / By Jonas Lejon

On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs via the addAttachment function with a UNC pathname. You may notice that there are two CVE’s in the security …

WordPress PHPMailer vulnerability analysis Read More »

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them)

Leave a Comment / security / By Will Morris

There are over 28 million WordPress websites currently online. Unfortunately, this popularity makes the platform vulnerable to hacking, with attacks on WordPress sites becoming more commonplace in recent years. Like many site owners and developers, you may already be familiar with some WordPress security issues and you’re probably looking to reduce your exposure to a …

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them) Read More »

WordPress XXE Vulnerability in Media Library – CVE-2021-29447

1 Comment / Uncategorized / By Jonas Lejon

WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected to XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF). WordPress uses ID3 library to parse information about an audio …

WordPress XXE Vulnerability in Media Library – CVE-2021-29447 Read More »

Are WordPress Websites Really That Vulnerable?

1 Comment / security / By Will Morris

You’re likely aware that any online activity comes with some level of risk. If you have a website, you’re not only responsible for your own information, but that of your users and customers as well. You may be hesitant to use WordPress if you have concerns about how secure it is. The good news is …

Are WordPress Websites Really That Vulnerable? Read More »