The Display Widgets plugins has been removed from the WordPress Plugin repository after it was found to contain malicious code that was used to inject spam content onto the pages of WordPress sites. Display Widgets should be uninstalled immediately. The plugin should be removed even if the site’s owners and admins see no sign their […]
A WordPress site with web-facing forms will be spammed. If there’s a form to be filled in, it will be filled in by spammers, even when there is no clear motivation for doing so. Spammers register for membership of any site they find, they fill in forms for gated content, they submit fake email addresses […]
There are lots of hacked WordPress sites on the web. Hacked sites are often the victims of botnets that brute force the login process, trying lots of different combinations of usernames and passwords until they hit one that lets them in. After they have access they can plant malware or other undesirable content on a […]
A WordPress site is made of files. Database aside — which is a special set of files — everything else is a chunk of data stored on the server’s file system. That includes content like images and the executable PHP files that comprise WordPress Core, themes, and plugins. It’s vitally important that only the right […]
One of the WordPress ecosystem’s most attractive features is its endless variety of themes. Thousands of developers have created tens of thousands of themes, many of them free. There’s almost certainly a theme in the official repository or premium marketplaces to suit any style or functional requirement. For the most part, that’s a good thing, […]
WordPress, along with most other content management systems, uses a database to store state. State is the things the content management system knows about, including the content and its organization, and user data. There are many different types of database, but WordPress uses one of the most popular open source SQL-based databases, MySQL. SQL is […]
Many WordPress users were disappointed to hear that two-factor authentication provider Clef is shutting down. Clef was popular with WordPress site owners because it let them add an extra layer of security to their site without the complexity associated with other two-factor authentication systems. With over a million installations, the loss of Clef was a […]
OneLogin, a popular single sign-on service, has announced that sensitive data was leaked from its infrastructure during an attack. OneLogin, which is used on many WordPress sites and Magento eCommerce stores, has confirmed that the leaked data could include user information, passwords, API keys, secure notes and other data that could be used compromise user […]
Black Hat SEOs and hackers are keen to find resources to exploit. A badly secured WordPress site makes a juicy target, and criminals use such sites for nefarious activities ranging from botnets to ransomware distribution. Of late, there has been a rise in a different sort of attack: SEO Spam Malware. What Is SEO Spam? […]
It has recently come to light that several critical vulnerabilities were fixed in the Avada theme in April, although ThemeFusion, the developers of the theme didn’t widely announce the patched release until several weeks later. If you use the Avada WordPress theme on your site, you should upgrade to Avada 5.1.5 as soon as possible. […]
Your inbox needs more Nexcess
Grow your online business faster with news, tips, strategies, and inspiration.