THE WORDPRESS SECURITY GUIDE – STEP BY STEP

WordPress security is a topic of huge importance for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week. If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide,…

WordPress Security: XSS – Session Hijacking

In Practical Scenarios for XSS Attacks, we know that XSS can lead to multiple attack scenarios. Today, we will look in detail at how AppCalcium for WordPress Security works. We will use one real-world WordPress plugin vulnerability (https://cxsecurity.com/ascii/WLB-2019090152) to study how AppCalcium for WordPress Security works proactively. Here are steps on…

Advanced Techniques to Bypass & Defeat XSS Filters, Part 2

Cross-site scripting can be one of the easiest vulnerabilities to discover, but to be successful with this type of attack, it is essential to learn how to get past filters. In the previous guide, we explored some ways to do this, such as abusing attributes and event handlers and tricking the…

Advanced Techniques to Bypass & Defeat XSS Filters, Part 1

There is no shortage of defenses against cross-site scripting (XSS) since it is so prevalent on the web today. Filters are one of the most common implementations used to prevent this type of attack, usually configured as a blacklist of known bad expressions or based on regex evaluation. But there is hope with a…

WordPress Security: Two-Factor Authentication

Two-factor authentication for WordPress is very useful for securing your site. It can prevent unauthorized and malicious users from gaining access to your WordPress website. As the name suggests, two-factor authentication for WordPress basically means that you add an extra layer of authentication before login. In this article, we will…

WordPress Security: Hardening WordPress

How many times have you walked out of the front door of your house for just a few minutes and not bothered to lock the front door? Probably on more than one occasion, right? What about leaving your car unlocked for just a few minutes — seriously, who’s going to…

Practical Scenarios for XSS Attacks

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections) in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk. In…

WordPress’ market share is 34% of all websites

According to W3Techs, WordPress powers 34% of all the websites on the Internet, including those without a content management system (CMS) or with a custom-coded CMS. Or to put it another way, WordPress powers over one-third of the web! And if you limit the data set to only websites with a…

WordPress Security – 19 Steps to Lock Down Your Site

When it comes to WordPress security, there are a lot of things you can do to lock down your site to prevent hackers and vulnerabilities from affecting your ecommerce site or blog. The last thing you want to happen is to wake up one morning to discover your site in…