Critical vulnerability in WordPress Kiwi Social Sharing plugin actively exploited.

A critical vulnerability in the WordPress WordPress Kiwi Social Sharing plugin <2.0.11 (30,000+ active installations) is currently exploited since December 6th.

Posted on November 9, 2018June 19, 2019
NinjaFirewall

Critical vulnerability in WP GDPR Compliance plugin massively exploited.

A critical vulnerability in the WordPress WP GDPR Compliance plugin (100k+ active installations) is currently massively exploited.

Posted on August 9, 2018June 19, 2019
NinjaFirewall

Arbitrary file upload vulnerability in WordPress Ultimate Member plugin.

A critical vulnerability in the popular WordPress Ultimate Member plugin allows allows attackers to upload any files, including PHP backdoors.

Posted on March 17, 2018June 23, 2019
NinjaFirewall

Securing WordPress with a Web Application Firewall: NinjaFirewall (WP Edition).

In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.

Posted on March 16, 2018May 3, 2019
NinjaFirewall

NinjaFirewall and the General Data Protection Regulation (GDPR).

The purpose of this document is to inform you about how to be compliant with the General Data Protection Regulation (GDPR).

Posted on March 15, 2018July 30, 2018
NinjaFirewall

NinjaFirewall (Pro/Pro+ Edition) v3.3 new user interface.

NinjaFirewall (Pro/Pro+ Edition) v3.3 has a brand new user interface. It is responsive, makes use of Bootstrap and jQuery, and looks pretty much like our website…

Posted on January 4, 2018June 19, 2019
NinjaFirewall

Arbitrary file upload vulnerability in WordPress LearnDash LMS plugin.

While cleaning up several hacked WordPress blogs, we identified a critical zero-day vulnerability in the LearnDash LMS plugin v2.5.3 (https://www.learndash.com/) that allows an unauthenticated user to…

Posted on October 27, 2017August 17, 2018
NinjaFirewall

Syslog logging with NinjaFirewall.

NinjaFirewall WP+ (3.5.4), Pro and Pro+ (3.2.12) introduce a long awaited feature, Syslog logging: Syslog is a way for network devices to send event messages to…

Posted on May 3, 2017July 29, 2018
NinjaFirewall

NinjaFirewall PHP sessions debugging.

NinjaFirewall (WP and WP+ Edition) v3.4.3 introduces two new constants to help you debug potential PHP session issues such as whitelisted users being blocked by the…

Posted on January 8, 2017June 20, 2019
NinjaFirewall

NinjaFirewall Full WAF vs WordPress WAF mode.

Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF. Full WAF mode In Full WAF mode,…