  • WordPress Security Updates: Feb 2020

    WordPress Core: No notable WordPress core security releases. Plugin/Theme Vulnerabilities of Note: Duplicator Plugin. The Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to make a single request to a website and download arbitrary files from the WordPress website. It is being reported that attackers are actively using this


  • WordPress Security Updates: Jan 2020

    WordPress Security and Maintenance Releases: 5.2.4, 5.3.1, and 5.3.2. Pagely customers were spared issues from bugs introduced in the 5.3.0 release as, due to the proximity to the holidays, we didn’t upgrade our customers to 5.3 until early January. All Pagely customers received security patches for vulnerabilities identified in WordPress Core before 5.2.4 for the


  • The Short History of Unauthenticated Site Options Update Vulnerabilities

    Over recent years, Pagely’s security team noticed a trend in WordPress-related attacks targeting unauthenticated changes to a WordPress website’s options table. The attack is specific to WordPress, but boiled down to its essence, this vulnerability would fall under Broken Access Controls/Elevation of Privilege (OWASP Top 10, 2017 A5). In layperson’s terms: the application lacks


  • Can WordPress Developers and Security Researchers get along?

    The relationship between WordPress developers and security researchers has been strained for some time now. Recently it has become so bad that vulnerability reporters are going rogue, which is affecting site owners. In the past months we’ve seen multiple researchers drop 0-day information (vulnerability details with no current patch available) which has resulted in our security


  • For Safety, the P3 Plugin Has Been Banned

    We spend every April 1st playing jokes on each other that rely on comical hoaxes and abuse our trust, but make us giggle during this annual tradition. We know these fantastical stories are most likely false and intended to entertain. Stories like T-Mobile’s Phone BoothE, Nissin’s Cup o Noodles headphones, or Auntie Anne’s Hot


  • Pagely Security Research, and Disclosure Policy

    This post is about the realities, both good and bad, that come with the responsibility of reporting vulnerabilities. The long days of summer are gone, fall has faded away and winter is upon us… reflecting back over the past months the Pagely security team spent some of those days uncovering and reporting a number of


  • Why Neglecting Usability Can Undermine Your WordPress Site’s Security

    Usability testing is one of those unglamorous tasks that are often left for another day. It can be difficult to justify the time and budget required to check every button, link, and function on a website. It’s a luxury that many online businesses feel they can’t afford. However, usability testing can uncover serious security threats


  • Disaster Recovery Plan: Why Your Website Needs One to Survive

    The word “disaster” is one you never want to hear in business. Even if it’s a seemingly minor disaster, it usually means taking time away from business to investigate the root cause, clean up the mess, update processes, and sometimes even apologize to clients or employees who were harmed in the wake of it. But


  • An Extensive Plan of Action for WordPress Security

    There’s no nice way to put this, so I’m just going to come out and say it: WordPress websites are prime targets for hackers. It’s not that WordPress itself is an inherently unsafe content management system. In fact, I would go so far as to say that the WordPress security team does a fantastic job


  • The 6 Types Of Cyber Attacks To Protect Against In 2019

    It’s every system administrator’s worst nightmare. Hackers gain access to your system, stealing mission-critical information, locking sensitive files, or leaking proprietary information to the public. Frankly, it can be hard for companies to recover from such an attack. The data breach at Equifax in 2017 is turning out to be one of the most costly
