Category: WordPress Security

HTTPoxy and WordPress.

375

The vulnerability d’jour this week was named HTTPoxy, an applicable pun on pox and proxy. We have patched our servers for this already, and are here to take a few extra steps to help explain the vulnerability and hopefully spread a little knowledge. The first part of this post will explain how the HTTPoxy vulnerability […]

The Wild West of Bots and Brute Forces

773

The key to success is starting with a solid foundation. When it comes to succeeding at security, passwords are part of the foundation. Failure to choose a good password, will equate to failure in security eventually — but probably almost immediately. In the WordPress sphere of security, brute force attempts to account passwords by attackers […]

One Rogue Plugin: A noncanonical Star Wars and WordPress security story.

Looking like a piece of cosmic workout equipment, the “Dumbbell Nebula,” also known as M27, pumps out infrared light in this image from NASA’s Spitzer Space Telescope. Discovered in 1764, Charles Messier included it as the 27th member of his famous

Over the last week the news has been littered with stories about data leaks. From one of the biggest data leaks in history, the Panama Papers* to a movie that tells the story about about a data leak a long time ago, in a galaxy far far away! “Rogue One” coming out in late 2016**. Star Wars fans […]

WP 4.1.4 is live

business-high-five

We have pushed todays security release for WordPress, v 4.1.4 to all sites. 4.2.1 will roll out in short order.

POODLE – not the dog – the SSL vulnerability is patched system wide.

nonstandard-poodle

Another day, another code exploit in the wild to ruin your day. The POODLE bug recently came to light showing SSLv3 connections are insecure. Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. […]

Additional mitigation protocols added to combat botnet load.

screenshot756

We have implemented additional measures to mitigate the ongoing botnet brute force attack.  While we feel we have a handle on the security side of things, the large volume of traffic was adding load to the servers and slowing down the overall user experience  We tightened down rules to drop these requests at the network edge […]