Brute Force Attack

WordPress is the most popular site-building tool in use today, which also makes sites built with it a target for hackers. Sometimes those sites are very easy targets because few or no security precautions have been taken. Hack attacks come in various guises but one of the better known is the Brute Force…

WordPress 4.6.1

A new version of WordPress (4.6.1) was released recently to address an important security flaw. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from…

WooCommerce Plugin Security Vulnerability

The company that supervises WordPress and WooCommerce development, Automattic, has patched a persistent XSS (cross-site scripting) vulnerability in the WooCommerce e-commerce plugin for WordPress. This was an important and crucial fix as the vulnerability could potentially have affected over 1 million e-commerce stores built using the plugin on the WordPress blogging platform. This month (July,…

"All In One SEO Pack" Plugin Security Vulnerability

In an interesting development, it’s been found that there’s a security vulnerability in older versions of the popular All In One SEO Pack plugin. (Note: this plugin is not used in the blogs we build here at Top Design Blogs). The vulnerability allows an attacker to store malicious code in the website’s Admin panel that…

WordPress Redirect Hack

This email is to notify you of a malware campaign targeting WordPress websites, in which the attackers are injecting a highly conditional malicious redirect. It randomly affects your users, and pushes them to default7 (.)com / test0 (.)com / test246 (.)com domains, in which they then perform a Drive-by-Download attack on the user – targeting…

WordPress Hacked

Over the last few weeks, I’ve seen the number of hacking attempts on my sites increase. I get literally hundreds, if not thousands, of alerts from my sites letting me know about Brute Force Attacks, most of which involve someone firing numerous login attempts at my WordPress blogs in the hopes they’ll get access. While…

If you knew that a bulletproof vest was only 8% effective against a bullet – would you let someone shoot you? Well, unless you have big issues… I’m guessing the answer is no… So if you knew that your WordPress site security is only 8% effective against common hacker attacks – would you set your…

Brute Force Amplification Attacks Against WordPress XML-RPC

Sucuri have reported that hackers are exploiting a hidden feature in WordPress’ XML-RPC component, using the system.multicall method to execute multiple Brute Force attacks inside a single POST request. Normally, hackers attempt to gain direct access to a site running WordPress through the wp-login.php page. That’s not the case here. Instead, attackers are circumventing the…

Yoast SEO WordPress plugin Security Vulnerability

When you build sites with WordPress, it is essential to use an SEO plugin to prevent indexing of tags, categories, etc., which otherwise results in duplicate content on your site. The plugin I recommend is Yoast SEO (it’s freely available), which is an amazing plugin. It’s a plugin I use on every site I build for myself…

SoakSoak WordPress Malware

On Sunday, Dec. 14, 2014, a new WordPress threat called SoakSoak infected over 100,000 sites. That number will have risen sharply over the last 2 days. If your blog is infected, and that infection has been detected by Google and other security companies, your site will be blacklisted. That means it won’t appear in the…
