For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
While cleaning up a hacked WordPress site, we found that some malicious code was added to the theme by its developers.
Twenty-five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.
With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.
Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations). Update immediately.
The WordPress Kali Forms plugin (30,000+ active installations) fixed multiple vulnerabilities affecting version 2.1.2 and below.