Making Sense of Security

Securing your Digital World.

Making Sense of Security
Browsing:

Category: WordPress

The Amazon Prime phishing attack that wasn’t…

by Paul Ducklin Earlier this week, we received a moderately believable Amazon Prime phish via email. The scam had an Account Locked subject line, with a warning that we wouldn’t be able to buy or sell anything via Amazon’s services until we verified our account. To add a bit more fear and urgency, the crooks went on to warn us that if we didn’t complete the verification process within 24 hours, then our account would be deactivated, not merely suspended. The “good” news, of course, is that verifying our account was as easy as clicking a link in the Read more…


200K WordPress Sites Vulnerable to Plugin Flaw

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. View Original Source Article HERE


Update now! Popular WordPress plugins have password bypass flaws

by John E Dunn Researchers have discovered password bypass vulnerabilities affecting two WordPress plugins from a publisher called Revmakx. The first vulnerable plugin is RevMakx’s InfiniteWP Client, a tool that allows admins to manage multiple WordPress sites from the same interface. The second is WP Time Capsule, a site backup and staging tool. The urgency is the number of sites using these tools – between 300,000 and 500,000 for InfiniteWP, and 20,000 or more for WP Time Capsule – so if you have either of these plugins, patch as soon as possible. According to security company WebARX, who reported Read more…


Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers from WebArx who created proof-of-concept attacks to exploit the vulnerability. “[Both] contain logical issues in the code that allows you to login into an administrator account without a password,” wrote WebArx in a blog post outlining the discovery on Wednesday.   According to the WordPress plugin library, 300,000 websites are running a Read more…


Securing Your WordPress Site or Blog Course

Making Sense of Security

Security for WordPress is an ongoing need. Bloggers and WordPress users are taking notice measures to ensure the protect their site as more attacks take place on WordPress sites. Having the knowledge and know-how to implement security measures in your WordPress site may be challenging if you are not techie. Our Securing your WordPress Site or Blog Course has been getting attention and positive reviews. Recently, our course Securing your WordPress Site or Blog was listed in an article “How to Create and Sell an Ecourse” by Learning Revolution. You can read more about what they have to say Read more…