Category: Security

  • GoDaddy did bad.

    GoDaddy did bad.

    Alerts from Wordfence and a press release from GoDaddy informed me of what I already knew. Security flaws let the bad guys in to get the data goods from their website hosting clients. Login credentials were compromised to install malware on some websites and enough proprietary data was stolen to send a ton of fake…

  • WordPress 5.0: How and When to Update

    WordPress 5.0 is being released tomorrow, December 6th. This release contains a major change to the WordPress editor. The new editor, code-named Gutenberg, is a substantial leap forward in functionality. It uses a new block-based system for editing which allows you to embed a wide range of content in your posts and pages, and gives…

  • Botnet of Infected WordPress Sites Attacking WordPress Sites

    The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time…

  • Using Innocent Roles to Hide Admin Users

    Using Innocent Roles to Hide Admin Users

    All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed…