Published on December 22, 2021
With the latest version of the Patchstack plugin, we have re-introduced WordPress login page protection – a feature to block access to the standard login page. About security through obscurity Recently we removed the ability to “hide” the wp-login.php and /wp-admin/ (which redirects to the login page) pages due to the fact that the real […]
Read more →
Published on December 21, 2021
In this article, we will introduce our Alliance (formerly Red Team) member Lenon Leite. Lenon has been an Alliance member since March 2021. Patchstack Alliance is a community of independent security researchers who contribute to building a safer web. The Alliance members identify and report security vulnerabilities in WordPress plugins and themes to help software vendors address security issues […]
Read more →
Published on December 16, 2021
Welcome to the Patchstack Weekly Security Update! This update is for week 50 of 2021. It is mid-December, and we are still waiting to see the total impact of a vulnerability reported in the open-source component log4j. This is a library used in a large number of Java applications and I will get the details […]
Read more →
Published on December 16, 2021
With nearly a decade of working on WordPress security and website security, we’ve probably seen every kind of attack you could imagine. Some breaches are obvious while many might go undetected for months or even longer. This makes it harder to pinpoint the exact reason why the site was hacked in the first place. Criminals […]
Read more →
Published on December 13, 2021
Recently, an extremely critical remote code execution vulnerability was made public for the Apache Log4j logging library. If an organization or software made use of the Apache Log4j logging library and the vulnerable version was running, it was possible for malicious people to remotely execute commands, which in many cases required no prerequisites. A comprehensive […]
Read more →
Published on December 9, 2021
Welcome back to the Patchstack Weekly security update. This update is for December 9th, 2021. We will talk about the Gravatar breach, web history, and vulnerabilities from this week. In this week’s session, we have two high-risk vulnerabilities to report in WordPress plugins and I will talk about the Gravatar email leaks, one-way encryption, and […]
Read more →
Published on December 2, 2021
Welcome back to the Patchstack Weekly Security update! This update is for December 2nd, 2021, and in this update I will focus on dependency confusion. This week is a good week: there are no high-risk vulnerabilities to report on in the WordPress ecosystem. But that does not mean there is nothing to talk about as […]
Read more →
Published on December 2, 2021
The WP-VCD malware for WordPress has existed for many years. It mainly spreads by injecting itself into legitimate plugins and themes, after which it spreads through sites that offer downloads of (nulled) WordPress plugins and themes. We noticed that during the coronavirus pandemic, the WP-VCD malware has also started injecting itself into plugins that can […]
Read more →
Published on December 1, 2021
The worst possible time to suffer an attack or data breach is on Christmas. This article explains why you need to protect websites before the winter holidays. It’s the time we spend a lot of time away from work, with family and friends, vacationing, and drinking hot chocolate in front of a fireplace. So what […]
Read more →
Published on November 25, 2021
Welcome to the Patchstack Weekly. It’s week 47 and this week we talk about incident response, Hide My WP vulnerabilities, and the GoDaddy breach. This update is for November 25th, 2021. This week’s news is about a breach at a major hosting provider that affected over a million WordPress websites, and I will cover a premium […]
Read more →