Restricting access to NinjaFirewall (WP Edition) settings.
Starting from version 1.8.1, it is possible to restrict access to NinjaFirewall (WP+/WP Edition) menu and settings. Note: Restrictions apply to single sites only, not to…
Category: Security
Fake wordpress-update.com site used to distribute malware via malicious plugins.
In recent days, we have worked on several infected WordPress websites that all had the particularity of having the same malicious plugin installed: Hackers gained access…
WordPress brute-force attack detection plugins comparison (2015 edition).
Following our 2013 benchmarks, we received quite a lot of requests to perform new ones and, this time, to include a category of plugins that wasn’t…
Critical vulnerability in Swift Security Hide WordPress Firewall plugin leads to phishing attack.
This is a very interesting spear phishing attack case that we had to deal with this week. Spear phishing are attempts directed at a specific individual,…
How to block web vulnerability scanners with iptables.
We are often asked how to block the DFind vulnerability scanner (A.K.A. “w00tw00t.at.ISC.SANS.DFind”) with NinjaFirewall, our Web Application Firewall for PHP and WordPress. The bad news…