Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in…
WordPress 4.2.1 Security Release addresses yet another XSS vulnerability
Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can be affect both…
Top tips for a secure web server
Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues. Most…
The Consequences of Having a Hacked Website
Cybercrimes are at an all time high, with hackers and identity thieves making a living from selling private or corporate data. If you have a hacked website, it can have far reaching repercussions especially if your website databases include your customers’ private and confidential information,…
Avoid Using the Root Account to Access a WordPress MySQL Database
Nowadays, most web applications use databases in order to store all information and data required for a website or blog to run efficiently and dynamically. These databases often contain configuration settings as well as confidential information, such as user passwords. In order to restrict access…
What Is An .htaccess File?
An .htaccess file is a configuration file which provides the ability to specify configuration settings for a specific directory in a website. The .htaccess file can include one or more configuration settings which apply only for the directory in which the .htaccess file has been…
Weak WordPress Directory Permissions Can Be Exploited On Your Site
If a directory is not configured with the correct permissions, an intruder can upload and execute malicious files and modify critical files which can compromise your WordPress security. Eventually, the malicious user can gain full control over your web server which can lead to other serious…
Your WordPress Installation Is Using the Default Admin Account
Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess. Fix: Do not make the following…
PHP Security Directive: Your Website is Showing PHP Errors
With the display_error PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way…