Security – Internet, WordPress, and otherwise

Popup Builder < 3.0 – SQL injection via PHP Deserialization

Description: "The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account,...

Setting up 2FA on WordPress with the Google Authenticator app

Whenever you implement a security measure, you should also have some sort of fallback. You do not want to be compromised by the failure of a single component. This is known as defense in depth. When you manage a WordPress website, one of the most important aspects of...

Announcing activity logs for WPForms & add-ons in 4.0.1

Today we are really excited because we have two announcements! We are releasing WP Security Audit Log 4.0.1, and the new activity logs add-on for WPForms. Find out more about activity logs for WPForms, and what else is new in today’s updates in this post....

Pagely Security Updates: Jan 2020

WordPress Security and Maintenance Releases: 5.2.4, 5.3.1, and 5.3.2. Pagely customers were spared issues from bugs introduced in the 5.3.0 release as, due to the proximity to the holidays, we didn’t upgrade our customers to 5.3 until early January. All Pagely customers...

Advanced Security Headers

I have some great security headers on this blog, but they are added using a single checkbox on the Sucuri WAF (web application firewall) this site uses. This is what they look like: x-xss-protection: 1; mode=block x-frame-options: SAMEORIGIN x-content-type-options:...

New! Save Time Securing WordPress With User Groups

The iThemes Security Pro plugin already helps you lock down your WordPress website to the user-level with the User Security Check and User Logging features. Today, we are excited to roll out the New User Groups feature, which gives you the power to enforce the right...

GDPR Cookie Consent < 1.8.3 – Improper Access Controls

Description: Improper Access Controls issue in the cli_policy_generator AJAX call which could allow an authenticated user with low privileges (such as a subscriber) to: - Change the status of any post/page from published to draft, removing them from the frontend of the...

Improper Access Controls in GDPR Cookie Consent Plugin

The following post describes how improper access controls lead to a stored cross-site scripting vulnerability in the GDPR Cookie Consent plugin that emerged after it was removed from the repository. The Wordfence team released a firewall rule to our Premium customers...

WordPress 5.4 Beta 1

WordPress 5.4 Beta 1 is now available for testing! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4 beta in two ways:...

A Guide to iThemes Security Pro Lockouts

iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them. Keep reading for tips to avoid the dreaded lockout screen...

Website Security Check: 5 Tools to Scan Site for Malware

Is your WordPress website acting funny? Did it suddenly slow down? Or maybe you’ve noticed unfamiliar pop-ups appearing on your pages? It’s likely that your website has been hacked! Slow websites and unfamiliar pop-ups are signs of a hacked website. You may also witness...

How To Remove Malware From a GoDaddy Site (Easy Solution)

Is your GoDaddy site sending out spam emails to your customers? Have you noticed that your website is slow for no reason? It’s most likely that your GoDaddy website is hacked. The repercussions of a hack are tremendous. Besides sending spam mails, hackers can cause a...

Portfolio Filter Gallery < 1.1.3 – CSRF & Reflected XSS

Description: Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and delete_all_category...

iThemes Security Setup Essentials (January 2020)

iThemes Security Pro has a multitude of settings to help you secure your WordPress website. In this webinar, iThemes Associate Product Manager Michael Moore provides in-depth explanations of each security feature and a walkthrough of how to customize iThemes Security...
