This is a weekly round up of WordPress news for October 2, 2017 that I have accumulated from across the web some old some new but always interesting. The new relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.
This is a weekly round up of WordPress Security news for July 24, 2017 that I have accumulated from across the web. Some is old WordPress news some new WordPress news but always interesting. pay attention this stuff your security is at stake.
Brute Force Amplification Attacks Against WordPress XMLRPC Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now. It could be via protocols like SSH or FTP, and if it’s a web server, via web-based brute force attempts against whatever CMS you are using. Imagine a world where an attacker could amplify their Brute Force attacks in such a way that traditional mitigation strategies fall short. Instead of 500 different login attempts, the attackers could
Unmasking Free Premium WordPress PluginsWordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money: eCommerce, SEO, affiliate and customer management, and so on. Such plugins may be really great and well worth their price, but not many webmasters are ready to pay for plugins, especially when they can find “free” or “nulled” versions of the same plugins on the Internet. All they need to do is search Google for
Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoorIllegal search engine optimization (SEO) is the goal of attackers who are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor being referred to as CryptoPHP. Last week Fox-It released a whitepaper on CryptoPHP, and in a Wednesday post the security company revealed that most of the command-and-control domains had been sinkholed or taken down. Researchers observed 23,693 unique IP addresses connecting to the sinkholes, but by Monday that number had dipped to 16,786, according to the post.
WordPress Security Plugin Vulnerabilities for Oct 30thThis is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to. Please scan the list below and if you are using any of the products listed, or if you are aware of anyone using the products listed, please take the appropriate action which we include in each bullet point below. If you are using any of these plugins, please take the action suggested in the bullet point above. Help spread the word to improve WordPress security
White hat hacker warns CMS plugins are leaving the security door wide openReading between the lines, the truth of the matter is that the vast majority of holes in the CMS code base, whichever platform you look at, have been found and fixed over the years. Kolochenko actually reckons that 99% of exploitable vulnerabilities in core CMS code fall into this category. So, CMS usage is pretty safe now then? Well, yes, but not 100% so and admins are partly to blame here. Weak passwords and password reuse are right up there at the top of the insecurity
It is very important that you keep your WordPress website up to date as recent events have shown again. See these articles: Search WordPress Plugins The Best WordPress Plugin Directory Search Engine Major security vulnerability discovered in popular WordPress plugin 30,000 WordPress Blogs Infected to Distribute Rogue Antivirus Software WARNING: 200,000 US-based WordPress web pages compromised by hijack injection attack An argument I have had with many people over the years I have been involved in the computer industry has revolved around security. It usually goes like this: Friend: You should get a Mac they are so much more
Book your interview now.
