Of late, XSS attacks have become increasingly complex, using JavaScript functions to compromise websites. Such vulnerabilities can lead to severe consequences, including unauthorized admin creation and the installation of malware. Sites can be entirely taken over with a single attack request.  Our research and analysis revealed a troubling trend: the methods employed by attackers are…

MalCare has been proactively blocking over 100,000 cross-site scripting (XSS) attacks daily targeting customer websites. These attacks attempt to exploit a vulnerability found in the popular Popup Builder plugin, and MalCare’s Atomic Security has stopped them cold—without needing a special patch.  This vulnerability has seen a huge volume of attacks because it has a very…

Managing a WordPress site has two big tasks: keep an eye on things (monitor) and keep things running well (maintain). Without good management, your website is at risk. Your visitors’ experience worsens. Your place on Google search results can drop. You could even start losing money. Trying to keep an eye on all this stuff…

Every website owner knows that security should be a top priority but, what is the best way to do so? There are a few routes you can take. You can manage security by configuring a security plugin like MalCare. You can also get some modicum of security by choosing a secure web hosting provider—but those…

Security keys in WordPress are used to store a lot of critical information. For instance, they are used to manage logged-in sessions securely. Most of the time, you can forget they exist, and they continue to do their job well.  After a hack, however, the scenario is different. Changing the security keys becomes critical to…

MalCare recently blocked over 26,000 remote code execution (RCE) attacks on its customer websites. These attacks exploited a vulnerability found in the popular Bricks Theme Builder. Our firewall is protecting sites as they are being updated. The theme is being actively exploited on a large scale.  What happened So far, MalCare has blocked 26,192 RCE…

Your WordPress site can be threatened for a whole host of reasons. Vulnerable plugins and weak passwords, for example, are some of the popular roots of a hack.  A hack can cause you to lose revenue, clients and potentially cost a lot to recover. It can be detrimental for your content and brand.  But, what…

In the vast ocean of website security logs, finding a particular piece of information often seems like searching for a proverbial needle in a haystack. Whether you’re tracking down a specific security threat, auditing access paths, or simply ensuring everything’s working properly, the sheer volume of log entries can be overwhelming. It’s like trying to…

These days, individuals use public computers or networks, employees share devices in the workplace, and remote users connect from personal devices or VPN. This has made it very important to automatically log out idle users. Keeping idle users logged in is like leaving your house doors unlocked while you’re away: it invites trouble. This oversight…

Making huge changes to a website can be stressful for administrators. However, updating your plugins, themes, and core files is necessary for security. Updating your branding, for example, is important for customer experience. But, making such large changes comes with some risk. New eCommerce orders may get lost if you’re migrating your site. You also…