WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary - wp_options import vulnerability

Last week, two cybersecurity companies found a zero-day vulnerability in a WordPress SMTP plugin. The vulnerability is located in the new import/export functionality added in v1.3.9 of Easy WP SMTP. It lets attackers exploit the lack of capability checks in the plugin's admin_init hook to alter any values in the wp_options table. Additionally, since the admin_init … Read more

Remote File Inclusion (RFI)

Remote File Inclusion (also known as RFI) is the process of including remote files by exploiting vulnerable inclusion procedures implemented in the application. This vulnerability occurs, for example, when a page receives, as input, the path to the file that has to be included and this input is not properly sanitized, allowing external … Read more

Malware plugins for WordPress (woocomerce & aksimet)

Malware Signature Updates

When a WordPress website user account is compromised, there is a possibility that plugins will be uploaded. We have seen new malware plugins for WordPress which are named woocomerce and aksimet. These plugins have nothing to do with the real plugins, which are woocommerce and akismet. Both of these plugins use the WordPress add_action('init', '') function to activate themselves and get ready to take commands … Read more

Configure Two-Factor Authentication for WHM/cPanel

Configure Two-Factor Authentication for WHM or cPanel

Even if you have a handy password for your account, you still want the account to be as safe as possible. Two-factor authentication gives you an additional layer of security when accessing your cPanel/WHM account. In this guide we will discuss how to set up, configure, and use two-step authentication options within the Web … Read more

How to Add Two-Factor Authentication in WordPress

WordPress Two-Factor authentication plugins

Have you noticed that sites like Facebook and Google now give you the ability to add two-factor authentication to enhance security? Well, now you can add two-factor authentication to your WordPress site. This ensures maximum security for your WordPress site. In this article, we will show you how to add two-factor authentication to the … Read more

Technology & Development partnership with OpsShield (cPGuard)

cPGuard

Malware.Expert, a leading provider well known for commercial WAF rules, ClamAV signatures for PHP and many other projects, is announcing its technology/development partnership with OpsShield, an India-based development and server management company offering a security suite for cPanel servers and other security/management solutions for Linux servers. “We are very excited to join cPGuard … Read more

WordPress Two-Factor Authentication Plugins

WordPress Two-Factor authentication plugins

Most websites are created using the WordPress application because of its user-friendly interface and ease of use. Nowadays, updates for major web applications are released faster than ever, because hackers have become more efficient at aggressively probing code for loopholes. So if any vulnerabilities are reported, … Read more

What is Two-Factor authentication

Two-factor authentication

Two-factor authentication is an additional security layer for your website or business that helps protect against the vulnerabilities of a standard password-only approach. Nowadays, it is more dangerous to use online services: too much data is stored in the cloud, and your credit cards are linked to accounts with retail websites. Two-factor authentication (2FA) adds … Read more

How to Configure CSF with cPanel server

Configure CSF with cPanel

What is ConfigServer Security and Firewall (CSF)? CSF is a commonly used firewall that provides a good level of protection with easy-to-manage commands. It is used for login/intrusion detection, SSH login notification, excessive connection blocking, suspicious file reporting, etc. In this tutorial, we will go through the configuration of CSF on a cPanel server … Read more

WordPress GDPR Compliance Plug-in exploited (Privilege Escalation Flaw)

Vulnerability

On the 6th of November 2018, a popular WordPress plugin known as WP GDPR Compliance, which was created to help website owners with GDPR compliance, was found to contain privilege escalation vulnerabilities that could allow for arbitrary code execution. Hackers have exploited this vulnerability to attack a number of websites. The vulnerability … Read more