Blog 2018-03-19T20:33:50+00:00

Ron’s Web Design Blog

Severe Vulnerability in All Wi-Fi Devices

This is a public service announcement (PSA) regarding a security issue that has a wide impact. Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability also emerged today, and we will cover that at the end of this post. The Wi-Fi vulnerability is being called “KRACK”, which is short for Key [...]

October 16th, 2017 | Categories: PSA, Security

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites

This entry was posted in Wordfence, WordPress Security on September 12, 2017 by Mark Maunder. If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor. The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin. During the past three months the plugin has been removed [...]

September 12th, 2017 | Categories: Plugins, Security, WordPress

.htaccess redirect

An Apache .htaccess 301 redirect is a server-side, permanent redirect. The .htaccess file is an Apache server configuration file that applies per directory. Using .htaccess files reduces server performance, so .htaccess should be avoided when you have access to the main Apache server configuration file, httpd.conf. Shared hosting websites usually don't have access to the httpd.conf file and should use an .htaccess file. The 301 redirect response notifies the search engines that the page has moved permanently from the old URL to the new URL. The search engines also transfer [...]

August 19th, 2017 | Categories: Blog

How to Remove the Billing Details from WooCommerce Checkout

By default, WooCommerce adds a form for the client to enter their billing details. In some cases we might not want that, for example when purchasing a simple virtual product, where we just want to send the user to PayPal without any hassle. There is no option within WooCommerce to disable the billing details, so instead we’ll do this programmatically using hooks supplied by WooCommerce. Here’s how to do it. You can place this code in your [...]

August 17th, 2017 | Categories: WooCommerce, WordPress

Ransomware Targeting WordPress

Most ransomware targets Windows workstations. However, the Wordfence team is currently tracking an emerging kind of ransomware that targets WordPress websites. During our analyses of malicious traffic targeting WordPress sites, we captured several attempts to upload ransomware that provides an attacker with the ability to encrypt a WordPress website’s files and then extort money from the site owner. The ransomware is uploaded by an attacker once they have compromised a WordPress website. It provides the attacker with an initial interface that looks like [...]

August 17th, 2017 | Categories: Blog, Security, WordPress

PSA: 4.8 Million Affected by Chrome Extension Attacks Targeting Site Owners

This is a public service announcement from the Wordfence team regarding a security issue that has a wide impact. During the past 3 months, eight Chrome browser extensions were compromised and the attacker used them to steal Cloudflare credentials and serve up malicious ads. This post discusses exactly what happened, how to protect yourself and what the wider implications are of this supply chain attack.

How the Chrome Extensions Were Compromised

In June, July and August, developers of the following Chrome [...]

August 17th, 2017 | Categories: Blog, Security

Hackers Find Fresh WordPress Sites Within 30 Minutes

Last week our team attended Black Hat and DefCon in Las Vegas, two of the biggest information security conferences on earth. DefCon alone attracts approximately 20,000 information security professionals, researchers, government employees and fans. To say it is very busy is an understatement. One of the interesting presentations at DefCon this year discussed a way for attackers to quickly find new WordPress installations to target. The presentation was given by Hanno Böck, and in it he discusses a method attackers can use to find a [...]

August 3rd, 2017 | Categories: Security, WordPress