Post Category Archive A collection of posts we have categorized in WordPress Security

Pagely Security Updates

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of…
Read The Story

The Definitive Guide to SSL and WordPress

It's become commonplace for a majority of internet users to share personal information on the internet. With the disregard for protecting personal data becoming second nature, how do we protect ourselves and our users? That’s where the power of SSL comes in. If your site…
Read The Story

The PHP Object Injection Odyssey

The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites were had just cleaned were getting…
Read The Story

How to Address Object Injection Vulnerabilities in PHP

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for the purpose…
Read The Story

WordCamp Kyoto 2017

I had the honor of presenting this past weekend at WordCamp Kyoto. It wasn't my first time addressing WordCamp crowds on security topics, but it was my first time in Kyoto, Japan. I felt at home, as the attendees and organizers of…
Read The Story

PHP Object Injection and Insecure Unserialize

I wrote about an influx of PHP Object Injection attacks previously, warning about a trend of attacks targeting a known but somewhat under-reported PHP vulnerability. Looking back since that time, I get the odd feeling that object injection (or as they're sometimes called unserialize) vulnerabilities keep cropping…
Read The Story

3 Simple WordPress Security Tips

We’ve all been enjoying the benefits of WordPress’s popularity. We're surrounded by beautiful themes, high-powered plugins, and helpful communities. But there’s a dark side to that popularity — it makes WordPress sites an ideal target for hackers around the world. Before going…
Read The Story

Pagely Customers Spared Effects of Latest WP Vulnerability

Traditionally, we keep security patches and updates simple and quick in our security haiku series of posts. But sometimes 17 syllables doesn't cut it. This post will address some of the commotion regarding a vulnerability which was patched in WordPress 4.7.2. The vulnerability…
Read The Story

Tracking WP PHP Object Injection Attackers in November

Over the past month or so I have been monitoring the activity of a series of attacks against our hosting customers which had one common vector: insecure WordPress plugins which exposed PHP objects to potential injection. Only a very small number of…
Read The Story

Latest Posts