Posts by Robert Rowley

Pagely Security Updates

This page is where we post public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is…

The PHP Object Injection Odyssey

The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites we had just cleaned were getting…

How to Address Object Injection Vulnerabilities in PHP

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for the purpose…

Reboot-Be-Gone with KernelCare & Pagely

Long gone are the days of reboots on Pagely servers due to security related kernel updates. Pagely has been working since the beginning of the year to get our servers upgraded to the latest technologies, including a partnership with KernelCare which allows…

WordCamp Kyoto 2017

I had the honor of presenting this past weekend at WordCamp Kyoto. It wasn't my first time addressing WordCamp crowds on security topics, but it was my first time in Kyoto, Japan. I felt at home, as the attendees and organizers of…

PHP Object Injection and Insecure Unserialize

I wrote about an influx of PHP Object Injection attacks previously, warning about a trend of attacks targeting a known but somewhat under-reported PHP vulnerability. Looking back since that time, I get the odd feeling that object injection (or as they're sometimes called unserialize) vulnerabilities keep cropping…

My Role: Robert Rowley

Robert Rowley. Title: Senior Information Security Engineer. Who am I? I am the person who stays up to date with all of the relevant security issues that face both our company infrastructure and our customers' needs. My work history before joining Pagely…

Pagely Customers Spared Effects of Latest WP Vulnerability

Traditionally, we keep security patches and updates simple and quick in our security haiku series of posts. But sometimes 17 syllables doesn't cut it. This post will address some of the commotion regarding a vulnerability which was patched in WordPress 4.7.2. The vulnerability…

Tracking WP PHP Object Injection Attackers in November

Over the past month or so I have been monitoring the activity of a series of attacks against our hosting customers which had one common vector: insecure WordPress plugins which exposed PHP objects to potential injection. Only a very small number of…