For the past 30 months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for all developers of WordPress plugins and themes.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a powerful new filtering engine.
16 WooCommerce product add-ons plugins fixed a critical broken access control vulnerability that could allow customers to take over the website and its database.
The WooCommerce Multi Currency plugin (7,700+ sales on Envato) fixed a broken access control vulnerability in version 2.1.17 and below that could allow customers to change the price of all products.
WordPress Automatic Plugin (26,000+ installations) fixed a critical vulnerability affecting version 3.53.2 and below that could allow unauthenticated users to take over the website and its database.
WordPress Pinterest Automatic plugin (7,000+ installations) fixed a critical vulnerability affecting version 4.14.3 and below that could allow unauthenticated users to take over the website and its database.
A while back, I explained how hackers created hidden admin users after hacking a WordPress blog. In this post, we will see how they upload and hide rogue plugins.