We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.

Your Digital Commerce Experts
Nexcess Logo

Nexcess Blog

|
Category : security
October 03, 2017

WordPress Display Widgets Plugin Injects Malicious Content

The Display Widgets plugins has been removed from the WordPress Plugin repository after it was found to contain malicious code that was used to inject spam content onto the pages of WordPress sites. Display Widgets should be uninstalled immediately. The plugin should be removed even if the site’s owners and admins see no sign their […]

September 08, 2017

Why Do Spammers Attack WordPress Sites?

A WordPress site with web-facing forms will be spammed. If there’s a form to be filled in, it will be filled in by spammers, even when there is no clear motivation for doing so. Spammers register for membership of any site they find, they fill in forms for gated content, they submit fake email addresses […]

August 31, 2017

How Two-Factor Authentication Can Help Keep Your WordPress Site Safe

There are lots of hacked WordPress sites on the web. Hacked sites are often the victims of botnets that brute force the login process, trying lots of different combinations of usernames and passwords until they hit one that lets them in. After they have access they can plant malware or other undesirable content on a […]

August 15, 2017

WordPress Security Basics: What Do WordPress File Permissions Mean?

A WordPress site is made of files. Database aside — which is a special set of files — everything else is a chunk of data stored on the server’s file system. That includes content like images and the executable PHP files that comprise WordPress Core, themes, and plugins. It’s vitally important that only the right […]

July 27, 2017

Three WordPress Theme Red Flags You Should Know About

One of the WordPress ecosystem’s most attractive features is its endless variety of themes. Thousands of developers have created tens of thousands of themes, many of them free. There’s almost certainly a theme in the official repository or premium marketplaces to suit any style or functional requirement. For the most part, that’s a good thing, […]

June 21, 2017

WordPress Security Basics: What Is An SQL Injection Attack?

WordPress, along with most other content management systems, uses a database to store state. State is the things the content management system knows about, including the content and its organization, and user data. There are many different types of database, but WordPress uses one of the most popular open source SQL-based databases, MySQL. SQL is […]

June 14, 2017

Keyy Is A Clef Replacement For Intuitive WordPress Two-Factor Authentication

Many WordPress users were disappointed to hear that two-factor authentication provider Clef is shutting down. Clef was popular with WordPress site owners because it let them add an extra layer of security to their site without the complexity associated with other two-factor authentication systems. With over a million installations, the loss of Clef was a […]

June 13, 2017

OneLogin Breach Could Put WordPress Single Sign-On Users At Risk

OneLogin, a popular single sign-on service, has announced that sensitive data was leaked from its infrastructure during an attack. OneLogin, which is used on many WordPress sites and Magento eCommerce stores, has confirmed that the leaked data could include user information, passwords, API keys, secure notes and other data that could be used compromise user […]

May 31, 2017

What Is SEO Spam Malware And How Can It Hurt Your WordPress Site?

Black Hat SEOs and hackers are keen to find resources to exploit. A badly secured WordPress site makes a juicy target, and criminals use such sites for nefarious activities ranging from botnets to ransomware distribution. Of late, there has been a rise in a different sort of attack: SEO Spam Malware. What Is SEO Spam? […]

May 25, 2017

XSS Vulnerabilities Have Been Found In The Avada WordPress Theme

It has recently come to light that several critical vulnerabilities were fixed in the Avada theme in April, although ThemeFusion, the developers of the theme didn’t widely announce the patched release until several weeks later. If you use the Avada WordPress theme on your site, you should upgrade to Avada 5.1.5 as soon as possible. […]