Protecting WordPress with Open Source Web Application Firewall ModSecurity

In this guide you will learn how to install and protect WordPress with the Open Source Web Application Firewall (WAF) ModSecurity. We will also install the latest protection rules from the OWASP Core Rule Set (CRS). A WAF is a great addition to the Cyber Security protection for your WordPress blog or website and can …

WooCommerce Unauthenticated SQL Injection Vulnerability

On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short …

What WordPress Ransomware Is (And How to Protect Against It)

It’s no secret that security is essential to any WordPress website. Knowing all you can about possible threats may help keep your site safe. Nevertheless, staying informed about how to fight back against emerging malicious technology such as ransomware can be difficult. Fortunately, a small amount of information can go a long way. By familiarizing …

WordPress PHPMailer vulnerability analysis

On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs via the addAttachment function with a UNC pathname. You may notice that there are two CVEs in the security …

The Top WordPress Vulnerabilities in 2021

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them)

There are over 28 million WordPress websites currently online. Unfortunately, this popularity makes the platform vulnerable to hacking, with attacks on WordPress sites becoming more commonplace in recent years. Like many site owners and developers, you may already be familiar with some WordPress security issues and you’re probably looking to reduce your exposure to a …

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)?

The average cost of a data breach in the US is a staggering $3.86 million. Avoiding that kind of financial blow means staying on top of your security. With supply chain attacks emerging as a particularly dangerous threat to WordPress sites, preventing them should be a top priority. Fortunately, you can take proactive steps to …

WordPress 5.7 One-Click HTTPS Migration

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration

Forcing WordPress to load over HTTPS usually requires a bit of work. Most either use a plugin to simplify the task or add redirects to their .htaccess files. Unfortunately, both processes can be risky if you’re not careful. Considering how important HTTPS is for improving security and Search Engine Optimization (SEO), it’s clear that implementation …

Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020-35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites, making them vulnerable to attacks like phishing, complete site take-over, data breach and credit card fraud. In this blog post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …
