Sucuri

StackPath has acquired MaxCDN. If you use…

Photo of author
Brian Krogsgard
StackPath has acquired MaxCDN. If you use MaxCDN, it doesn't seem you will be effected in the short term, though based on what I'm reading today, a move upmarket might be in the works down the road. StackPath was started by…

Sucuri has prepared and released it’s…

Photo of author
Brian Krogsgard

Sucuri has prepared and released it's first Website Hacked Report for the first quarter of 2016 (direct link to PDF here). Lots of interesting data points in the analysis of over 11,000 infected websites. This is one of the ones…

There’s a Stored XSS vulnerability affecting…

Photo of author
Brian Krogsgard

There's a Stored XSS vulnerability affecting the bbPress plugin. This bug is present on every default install of bbPress < 2.5.9, so chances are you might be effect if you have the plugin installed anywhere. Sucuri has more info on…

Sucuri does another of its great…

Photo of author
Brian Krogsgard

Sucuri does another of its great in-depth reports on how hackers can add malware and other bad things to your website. This time they show how hackers can tweak WordPress to hide spammy posts from real visitors while leaving them…

It’s nice to see Sucuri is…

Photo of author
It's nice to see Sucuri is offering SSL certificates to their customers at no charge with LetsEncrypt. With WordPress.com adopting SSL everywhere and ways you can currently installing a LetsEncrypt SSL on hosts like SiteGround, DreamHost, and Bluehost, I'm wondering…

1.4 million WordPress.com custom domains have just gone fully SSL

Photo of author
Brian Krogsgard

WordPress.com makes up for a huge number of LetsEncrypt's total SSL certificates. This morning, Automattic flipped the switch on enabling LetsEncrypt certificates for 1.4 custom domains on the platform. They had already enabled SSL on all WordPress.com subdomains, but this…

Sucuri posted some insight on how…

Photo of author

Sucuri posted some insight on how they clean infected websites. It's good background knowledge to know what the general procedure is -- and their tips on how to be prepared also serves as a reminder to those who upkeep any website,…

Sucuri has a really in-depth walkthrough…

Photo of author

Sucuri has a really in-depth walkthrough of the Akismet XSS vulnerability they discovered, and it's a nasty 9/10 on their DREAD score. That basically means it's easy to do, and can result in a very bad outcome. Fortunately, auto-updates and…

Akismet getting auto-updated for critical XSS bug

Photo of author
Brian Krogsgard

Akismet has a critical XSS bug that dates back quite some time. A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but…

iThemes Security is integrating Sucuri malware scanning

Photo of author
Brian Krogsgard
iThemes announced today that both their free iThemes Security and their commercial iThemes Security Pro plugins are integrating Sucuri's malware scanning service. The free one is just an opt-in one off option, which is nice but can also be accomplished…

Sucuri want to compete with CloudFlare

Photo of author
Brian Krogsgard
Sucuri is seeking to build a full CloudFlare alternative, according to WP Tavern: “The fundamental difference is that it’s security first, performance second,” Perez said. “So yes, in the coming months you’ll see more as our solution blossoms into a…

Understanding WordPress security vulnerabilities

Photo of author
Brian Krogsgard
Daniel Cid has a good post on Sucuri that describes how they look at WordPress plugin vulnerabilities. Contrary to popular belief, just because you hear “SQL Injection”, it doesn’t mean someone can actually hack your site. The real problem comes…

Another Sucuri “responsible disclosure” postmortem

Photo of author
Brian Krogsgard
James Giroux manages operations at PageLines. Last week, they were notified of a vulnerability by Sucuri, and he went through the rigmarole most of us are familiar with of juggling responsible disclosure and implementing a fix. James did a postmortem on…
A2 Hosting
Omnisend
WordPress.com