Nexcess
Category: Security
June 21, 2017

WordPress Security Basics: What Is An SQL Injection Attack?

WordPress, along with most other content management systems, uses a database to store state. State is everything the content management system knows about, including the content and its organization, and user data. There are many different types of database, but WordPress uses one of the most popular open source SQL-based databases, MySQL. SQL is […]

June 14, 2017

Keyy Is A Clef Replacement For Intuitive WordPress Two-Factor Authentication

Many WordPress users were disappointed to hear that two-factor authentication provider Clef is shutting down. Clef was popular with WordPress site owners because it let them add an extra layer of security to their site without the complexity associated with other two-factor authentication systems. With over a million installations, the loss of Clef was a […]

June 13, 2017

OneLogin Breach Could Put WordPress Single Sign-On Users At Risk

OneLogin, a popular single sign-on service, has announced that sensitive data was leaked from its infrastructure during an attack. OneLogin, which is used on many WordPress sites and Magento eCommerce stores, has confirmed that the leaked data could include user information, passwords, API keys, secure notes and other data that could be used to compromise user […]

May 31, 2017

What Is SEO Spam Malware And How Can It Hurt Your WordPress Site?

Black Hat SEOs and hackers are keen to find resources to exploit. A badly secured WordPress site makes a juicy target, and criminals use such sites for nefarious activities ranging from botnets to ransomware distribution. Of late, there has been a rise in a different sort of attack: SEO Spam Malware. What Is SEO Spam? […]

May 25, 2017

XSS Vulnerabilities Have Been Found In The Avada WordPress Theme

It has recently come to light that several critical vulnerabilities were fixed in the Avada theme in April, although ThemeFusion, the developers of the theme, didn’t widely announce the patched release until several weeks later. If you use the Avada WordPress theme on your site, you should upgrade to Avada 5.1.5 as soon as possible. […]

April 04, 2017

Credit Card Scrapers Continue To Be A Risk On Insecure Magento Sites

Discovering that an eCommerce store has sent their credit card data to a malicious third party is the worst nightmare of many shoppers. They adopt an eminently sensible “once bitten, twice shy” attitude towards retailers who allow sensitive financial data to fall into the hands of criminals. Leaking credit card data is a great way […]

March 29, 2017

When Is It Right To Keep WordPress Vulnerabilities Secret?

Bugs are an inevitable part of the software development process. As hard as developers try to avoid them — and they try very hard indeed — mistakes will be made and some of those mistakes will cause security vulnerabilities. What’s important is how developers handle vulnerabilities when they do occur, including how they communicate about […]

January 25, 2017

WordPress Update Fixes Critical PHPMailer Vulnerability

WordPress 4.7 was released towards the end of last year and brought with it a host of new features, including a new default theme, theme starter content, and REST API content endpoints. As is usually the case with a major new WordPress version, WordPress 4.7 was closely followed by a minor release with bugfixes. WordPress […]

October 25, 2016

Magento eCommerce Merchants Should Be Vigilant For Credential And Credit Card Swipers

Magento eCommerce stores are high value targets for online criminals. Thousands of dollars a month pass through even small stores, and although the vast majority of those stores use external payment processors, malware embedded in the store’s pages could still be used to steal data as the user enters it. Using an external payment processor […]

August 18, 2016

The OurMine TechCrunch Hack Shows The Danger Of Poor Password Management On High-Profile WordPress Sites

On July 26, TechCrunch, a popular WordPress-based technology business blog, was compromised by OurMine, a team of hackers responsible for a series of attacks targeting high-profile individuals and sites. The attackers accessed a user account and published a blog post announcing that TechCrunch’s security had been breached. In this case, the attackers were relatively benign; […]