Category: WordPress Security

20 Simple Tricks to Secure Your WordPress Website in 2017

This is a contribution by Ahmad Awais.

I’ve seen many website owners nagging about the security of WordPress.

The opinion is that an open source script is vulnerable to all sorts of attacks. But that is mostly not true – sometimes it’s the other way around. Or, okay, let’s say that it’s partially true, but even then you shouldn’t blame WordPress.

Why? Because it’s usually your fault that your site got hacked. There are some responsibilities that you have to take care of as a website owner. So the key question is always, what are *you* doing to save your site from being hacked? (more…)

[News] Ninja Forms Vulnerable – Issue Marked “Very High Risk”

As reported by the Wordfence guys, Ninja Forms – a popular form plugin (contact forms, subscription forms, etc.) – is suffering from a number of serious security vulnerabilities.

Put together, those vulnerabilities have been labeled “very high risk,” which in web-security-speak basically means this: (more…)

WooCommerce Suffering From a Dangerous Object Injection Vulnerability

This is somewhat breaking news.

In short: WordPress users have to face possible hacker attacks if they are dealing with the WooCommerce plugin.

The Sucuri team just discovered a dangerous vulnerability during a routine audit for their web application firewall.

It seems that the vulnerability inside WooCommerce is related to Object Injection, and it could allow any hacker to download compromising files from the vulnerable server. The problem appears only if the “PayPal Identity Token” option is set. (more…)