Genericons DOM-based XSS Vulnerability

Hundreds of WordPress themes and plugins that make use of the Genericons package could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in the examples.html file included in the Genericons package by default. […]


WordPress 4.2.1 Security Release addresses yet another XSS vulnerability

Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross-Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can affect both WordPress users and WordPress administrators, and therefore this vulnerability is […]


Top tips to secure your web server

Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues. Most companies running these web servers trust the communication to the […]


The Consequences of Having a Hacked Website

Cybercrimes are at an all-time high, with hackers and identity thieves making a living from selling private or corporate data. If you have a hacked website, it can have far-reaching repercussions, especially if your website databases include your customers’ private and confidential information, such as their email addresses and credit card details. It […]


What Is An .htaccess File?

An .htaccess file is a configuration file that lets you specify configuration settings for a specific directory in a website. The .htaccess file can include one or more configuration settings that apply only to the directory in which the .htaccess file has been placed. So while web servers have their own main configuration […]


Weak WordPress Directory Permissions Can Be Exploited On Your Site

If a directory is not configured with the correct permissions, an intruder can upload and execute malicious files and modify critical files which can compromise your WordPress security. Eventually, the malicious user can gain full control over your web server which can lead to other serious security issues like loss of sensitive information, complete website disruption, […]


PHP Security Directive: Your Website is Showing PHP Errors

With the display_errors PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way to eventually hack your website or web application, and causing […]


Your WordPress Database Table Prefix Is Not Secure

Prefixes are given to table names so they cannot be easily guessed by a hacker or malicious user. When guessed, the default database table prefix can make life easy for a hacker and make attacks (like SQL injection) easier to execute successfully. By using the default prefix, your WordPress database security is at […]
