NinjaFirewall PHP sessions debugging.

NinjaFirewall (WP and WP+ Edition) v3.4.3 introduces two new constants to help you debug potential PHP session issues such as whitelisted users being blocked by the…

Posted on January 13, 2017July 29, 2018
Security

Impedance mismatch: a hacker’s best friend.

A security application, such as a Web Application Firewall or an Anti-Virus, can be vulnerable to impedance mismatch attacks if it interprets traffic and input differently…

Posted on January 8, 2017July 29, 2018
NinjaFirewall

NinjaFirewall Full WAF vs WordPress WAF modes.

Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF. Full WAF mode In Full WAF mode,…

Posted on January 3, 2017July 29, 2018
Malware

Hackers targeting web hosts customer accounts.

Companies such as web hosts, registrars and CDNs have become a prime target for hackers. Because they host your DNS, hackers can alter them and reroute…

Posted on December 10, 2016July 29, 2018
NinjaFirewall

Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.

On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…

Posted on October 26, 2016July 29, 2018
Joomla!

Latest Joomla! critical vulnerability being actively exploited in the wild.

Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two days later. Someone published…

Posted on October 1, 2016July 29, 2018
NinjaFirewall

Centralized logging with NinjaFirewall.

Users of the premium WP+ and Pro+ Edition of our web application firewall, NinjaFirewall, can remotely access the firewall log of all their NinjaFirewall protected websites…

Posted on August 27, 2016July 29, 2018
Brute-force attack

Blocking a WordPress XML-RPC attack with the Linux kernel firewall.

One of our customers faced a large attack against his WordPress blog xmlrpc.php script. When I connected to his server, the CPU load was over 100.…

Posted on April 28, 2016July 29, 2018
Security

All In One WP Security & Firewall multiple XSS vulnerabilities (<=4.0.7).

NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…

Posted on April 17, 2016July 29, 2018
NinjaFirewall

How to upgrade NinjaFirewall WP/Pro to the WP+/Pro+ Edition.

This article covers the steps to follow if you want to upgrade from the free NinjaFirewall WP or Pro Edition to the WP+ or Pro+ Edition.…