WordPress Redirect Hack

This email is to notify you of a malware campaign targeting WordPress websites, in which the attackers inject a highly conditional malicious redirect. It randomly affects your users and pushes them to the default7 (.)com / test0 (.)com / test246 (.)com domains, where the attackers then perform a drive-by-download attack on the user – targeting…


WordPress Hacked

Over the last few weeks, I’ve seen the number of hacking attempts on my sites increase. I get literally hundreds, if not thousands, of alerts from my sites letting me know about Brute Force Attacks, most of which involve someone firing numerous login attempts at my WordPress blogs in the hopes they’ll get access. While…


If you knew that a bulletproof vest was only 8% effective against a bullet – would you let someone shoot you? Well, unless you have big issues… I’m guessing the answer is no… So if you knew that your WordPress site security is only 8% effective against common hacker attacks – would you set your…


Brute Force Amplification Attacks Against WordPress XML-RPC

Sucuri have reported that hackers are exploiting a hidden feature in WordPress’ XML-RPC component, using the system.multicall method to execute multiple Brute Force attacks inside a single POST request. Normally, hackers attempt to gain direct access to a site running WordPress through the wp-login.php page. That’s not the case here. Instead, attackers are circumventing the…


Yoast SEO WordPress plugin Security Vulnerability

When you build sites with WordPress, it is essential to use an SEO plugin to prevent indexing of tags, categories, etc., which otherwise results in duplicate content on your site. The plugin I recommend is Yoast SEO (it’s freely available), which is an amazing plugin. It’s a plugin I use on every site I build for myself…


Back in April (2013), a MAJOR distributed Brute Force Login attack was perpetrated on every server where WordPress was installed. This was an on-going and highly-distributed, global attack across virtually every web host in existence that went on for weeks. The attack was well organized and over 90,000 IP addresses were involved in it. Statistics…


Most people who use WordPress don’t know a thing about securing their sites from hackers. Many webmasters will also use simple and easy-to-guess usernames like “admin” or ridiculously easy-to-guess passwords like “password” or “123456”. Naivete more so than complacency is responsible here. And it’s only after your blog gets hacked that you recognize how important…


If you read my post yesterday (April 14, 2013), you’ll be aware that there’s been a concerted effort to attack WordPress sites all across the world in the last several days. So, what’s known so far, based on the collected and analyzed data is that a very large majority of the attacks are coming from…
