How to detect malware with WP-CLI

WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installations and much more, without using a web browser. Using this tool requires SSH access to the server. More information about the tool can be found on its homepage. In this tutorial we show how you can detect malware in a WordPress installation. WP-CLI Installation Depend your … Read more

WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary - wp_options import vulnerability

Last week, two cybersecurity companies found a Zero-Day vulnerability in WordPress SMTP Plugin. The vulnerability is located in the new import/export functionality added in v1.3.9 of Easy WP SMTP. It lets attackers exploit the lack of capability checks in the plugin’s admin_init hook to alter any values in the wp_options table. Additionally, since the admin_init … Read more

Malware plugins for WordPress (woocomerce & aksimet)

Malware Signature Updates

When a WordPress user account is compromised, it becomes possible to upload plugins. We have seen new malware plugins for WordPress which are named woocomerce and aksimet. These plugins have nothing to do with the real plugins, which are woocommerce and akismet. Both of these plugins use the WordPress add_action('init','') function to activate themselves and ready to take commands … Read more

How to Add Two-Factor Authentication in WordPress

WordPress Two-Factor authentication plugins

Have you noticed that sites like Facebook and Google now give you the ability to add two-factor authentication to enhance security? Well, now you can add two-factor authentication to your WordPress site. This ensures maximum security for your WordPress site. In this article, we will show you how to add two-factor authentication to the … Read more

WordPress Two-Factor Authentication Plugins

WordPress Two-Factor authentication plugins

Most websites are created using the WordPress application because of its user-friendly interface and ease of use. Nowadays updates for major web applications are released faster than ever, because hackers have become more efficient at aggressively probing code for loopholes. So if any vulnerabilities are reported, … Read more

WordPress GDPR Compliance Plug-in exploited (Privilege Escalation Flaw)

Vulnerability

On the 6th of November 2018, a popular WordPress plugin known as WP GDPR Compliance, which was created to help website owners with GDPR compliance, was found to contain privilege escalation vulnerabilities that could allow arbitrary code execution. Hackers have exploited this vulnerability to attack a number of websites. The vulnerability … Read more

wp-crawl.php

Malware details

WordPress Duplicator versions below 1.2.42 have a Remote Code Execution (RCE) vulnerability, which allows the wp-config.php file to be modified and malicious PHP code to be injected into it. The vulnerable code in this case isn’t present within the Duplicator plugin directory itself. The flaw becomes exposed when using Duplicator to migrate or restore a backed-up copy of a WordPress site. Reminder … Read more

Disable Theme and Plugin Editors from WordPress

Security

This is a big problem if a customer uses very weak passwords with default usernames like admin/administrator, etc. Even if you don’t use a default username, it can be obtained very easily. Get WordPress username: https://wordpress.site/?author=1 This redirects to the author page of the correct username, so the correct username, which is probably the admin user, is easy to get. If … Read more