Security Archive

How to Disable Theme and Plugin Editors in WordPress

WordPress allows users to edit the theme and plugin codes by default through the admin panel. While it is a handy feature, it can be very dangerous as well. A simple typo can end up locking you out of your site unless of course you have the FTP access. To prevent clients from screwing up the

What is “404 Not Found” and How to fix it ?

The 404 Error is an HTTP status code that comes up when the web page the visitor is trying to visit could not be found on the server. This happened when that particular page has been deleted or moved to a new location. Imagine if a website has lots of inactive pages that return this

HTTP vs. HTTPs: What is the Difference?

You may have heard that the poeople encouraging you to change your site to the HTTPS security encryption from HTTP. So, let’s talk about the differences and what exactly is HTTP and HTTPS? What is HTTP? HTTP stands for hypertext transfer protocol. It’s a protocol that allows communication between different systems. Most commonly, it is used for transferring data

You Need to Know about Brute Force Attack

One of the most on-going problems for many system administrators is the potential for brute-force attacks. Up till now, firewall developers and engineers design their modern products with the deterring of these in mind. When it comes to cPanel users, the types of brute attacks they should be concerned with include cPHulk, LFD, and BFD.

10 things you can do to secure your web server from attacks

Server security is something that should never be overlooked. One day or another, chances are your server will be under attack and the integrity of your data will be at risk, not mentioning you may lose potential and existing customers in the process. Here are 10 things you can do to secure your web server

10 Tips for Your Website Security

As of late there has been an expansion of incredible instruments and administrations in the web advancement space. Content administration frameworks (CMS) like WordPress, Joomla!, Drupal thus numerous other permit entrepreneurs to rapidly and proficiently manufacture their online habitations. Their very extensible models, rich module, module, expansion biological system have made it less demanding than

Malvertising and Black Hat SEO: Nulled WordPress Themes

If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on your site. A benign plugin may sneakingly inject ads into your site which cause malvertising problems for the site visitors (e.g. SweetCaptcha). Other plugins may be hijacked by hackers

WP Mobile Detector Vulnerability

WP Mobile Detector, a WordPress plugin, contains a vulnerability in versions prior to 3.6. Exploitation of this vulnerability could allow an attacker to take control of an affected website. US-CERT encourages users and administrators to review the WP Mobile Detector Changelog for more information and apply the necessary update. This product is provided subject to

WordPress Redirect Hack via Test0.com/Default7.com

We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / test246 .com domains. In this post, we’ll provide you with a review of this attack, investigated by our malware analyst Header.php Injection In all cases, the malware injects

What is an XSS Vulnerability?

Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability? XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to