Category: WordPress Security

HTTPoxy and WordPress.

375

The vulnerability d’jour this week was named HTTPoxy, an applicable pun on pox and proxy. We have patched our servers for this already, and are here to take a few extra steps to help explain the vulnerability and hopefully spread a little knowledge. The first part of this post will explain how the HTTPoxy vulnerability […]

on

The Wild West of Bots and Brute Forces

773

The key to success is starting with a solid foundation. When it comes to succeeding at security, passwords are part of the foundation. Failure to choose a good password, will equate to failure in security eventually — but probably almost immediately. In the WordPress sphere of security, brute force attempts to account passwords by attackers […]

on

POODLE – not the dog – the SSL vulnerability is patched system wide.

nonstandard-poodle

Another day, another code exploit in the wild to ruin your day. The POODLE bug recently came to light showing SSLv3 connections are insecure. Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. […]

on