A critical vulnerability was fixed in the WordPress plugin Essential Addons for Elementor. Do you want to be the first to be alerted about such vulnerabilities? Sign up for Patchstack. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Update February 1st, 2022: we would like to make clear that we did not originally […]
The decision to publicly report a vulnerability that has no patch does not come easily, however, in certain circumstances it is the only option available to protect users from running insecure code. You may have guessed where I am going with this if you have been reading or listening to the Patchstack Security Weekly updates […]
This blog post explains how to write custom firewall rules using Patchstack app. Patchstack App users get automatic protection against new plugin vulnerabilities via the default WAF (web application firewall) rules which are enough for most site owners. But, did you know the Patchstack app supports custom WAF rules as well? Knowing how to write […]
On the 6th of January 2022, WordPress.org released a security update and recommended users to “update your sites immediately”. This WordPress core 5.8.3 security update addresses 4 different security vulnerabilities which affect WordPress core versions between 3.7 and 5.8. For many, WordPress automatically updates the core to the latest version. Check if your WordPress version […]
With the latest version of the Patchstack plugin, we have re-introduced WordPress login page protection – a feature to block access to the standard login page. About security through obscurity Recently we removed the ability to “hide” the wp-login.php and /wp-admin/ (which redirects to the login page) pages due to the fact that the real […]
With nearly a decade of working on WordPress security and website security, we’ve probably seen every kind of attack you could imagine. Some breaches are obvious while many might go undetected for months or even longer. This makes it harder to pinpoint the exact reason why the site was hacked in the first place. Criminals […]
Recently, an extremely critical remote code execution vulnerability was made public for the Apache Log4j logging library. If an organization or software made use of Apache Log4j logging library and the vulnerable version was running, it made it possible for malicious people to remotely execute commands which in many cases required no pre-requisites. A comprehensive […]
The worst possible time to suffer an attack or data breach is on Christmas. This article explains why you need to protect websites before the winter holidays. It’s the time we spend a lot of time away from work, with family and friends, vacationing, and drinking hot chocolate in front of a fireplace. So what […]