Category: WordPress Security

  • The 6 Types Of Cyber Attacks To Protect Against In 2019

    It’s every system administrator’s worst nightmare. Hackers gain access to your system, stealing mission-critical information, locking sensitive files, or leaking proprietary information to the public. Frankly, it can be hard for companies to recover from such an attack. The data breach at Equifax in 2017 is turning out to be one of the most costly […]



  • Toughen Up Your WordPress Site Security By Forcing Strong Passwords

    It’s impossible to overstate security when it comes to managing your WordPress website. While a good web host will have certain measures in place to minimize the risk of any attacks on your site being successful, at the end of the day, much of the responsibility for keeping a website secure rests on the shoulders […]



  • The Definitive Guide to SSL and WordPress

    It’s become commonplace for a majority of internet users to share personal information on the internet. With the disregard for protecting personal data becoming second nature, how do we protect ourselves and our users? That’s where the power of SSL comes in. If your site requires users to submit any valuable or fragile information, then […]



  • The PHP Object Injection Odyssey

    The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites we had just cleaned were getting re-infected. Our response? Hack harder than the hackers, and we found multiple undisclosed […]



  • How to Address Object Injection Vulnerabilities in PHP

    I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for the purpose of sharing why you shouldn’t unserialize() data sent from untrusted sources, […]



  • WordCamp Kyoto 2017

    I had the honor of presenting this past weekend at WordCamp Kyoto. It wasn’t my first time addressing WordCamp crowds on security topics, but it was my first time in Kyoto, Japan. I felt at home, as the attendees and organizers of this event were excellent at making everyone feel welcome. WordCamp Kyoto The event […]



  • PHP Object Injection and Insecure Unserialize

    I wrote about an influx of PHP Object Injection attacks previously, warning about a trend of attacks targeting a known but somewhat under-reported PHP vulnerability. Looking back since that time, I get the odd feeling that object injection (or as they’re sometimes called unserialize) vulnerabilities keep cropping up. Wondering if this is just a frequency […]



  • Exploring the ExploitBox Unauthorized Password Reset Vulnerability

    In the past week there has been a lot of concern about a vulnerability released affecting WordPress core and the password reset functionality. This post is aimed to help every WordPress user better understand the issue at hand, and provide some guidance on how (if it’s needed) the issue can be addressed. Summary: There is […]



  • 3 Simple WordPress Security Tips

    We’ve all been enjoying the benefits of WordPress’s popularity. We’re surrounded by beautiful themes, high-powered plugins, and helpful communities. But there’s a dark side to that popularity – it makes WordPress sites an ideal target for hackers around the world. Before going any further, let’s get one thing straight: WordPress, as a site, is secure. […]



  • Pagely Customers Spared Effects of Latest WP Vulnerability

    Traditionally, we keep security patches and updates simple and quick in our security haiku series of posts. But sometimes 17 syllables doesn’t cut it. This post will address some of the commotion regarding a vulnerability which was patched in WordPress 4.7.2. The vulnerability was an authentication bypass attack which existed in the REST API (a […]
