Sucuri Blog: Learn about website security, software vulnerabilities, how to protect WordPress, and malware infections from our team of security researchers.
- When Good Software Goes Bad, by Matt Morrow on April 18, 2025 at 12:01 am
Most often bad actors try their best to hide their activities by using obfuscated code or by uploading fake plugins or themes that inject simple but malicious scripts into a site. Every now and then we encounter a case where legitimate software is used for malicious purposes. We recently uncovered a case where Sypex Dumper, a valid database backup utility, was injected into the WordPress files. When checking the core WordPress integrity, we noticed a file at wp-content/fonts/font.php.
- Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress, by Puja Srivastava on April 15, 2025 at 8:49 pm
Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad views for their Adsense accounts. This is not the first time we’ve seen attackers abusing popular Google services. In a previous case, we discovered a credit card skimmer hiding inside Google Tag Manager, allowing attackers to steal payment information from Magento sites. Cybercriminals are leveraging trusted platforms like Google Adsense and Google Tag Manager to compromise websites.
- Fake Font Domain Used to Skim Credit Card Data, by Kayleigh Martin on April 10, 2025 at 11:10 pm
Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card data had become compromised shortly after purchasing products on our client’s website. When investigating the site, two suspicious symptoms appeared: a strange credit card form and an unfamiliar domain, which appeared on the website’s checkout page. The suspicious domain loading on the website was italicfonts[.
- Understanding FTP and SFTP: A Guide to Secure File Transfers, by Kyle Knight on April 1, 2025 at 2:01 am
Updating your website means getting files to your server, but the process can feel like a chore when simply navigating in a conventional hosting panel. FTP and SFTP are essential tools for managing files on your server. Whether you’re uploading website content or downloading backups, these protocols offer a straightforward method to handle your site’s files, though they aren’t quite the same. In this guide, we’ll break down what these tools are, how to use them effectively, and why they matter for keeping your website secure and up-to-date.
- Vulnerability & Patch Roundup — March 2025, by Sucuri Malware Research Team on March 31, 2025 at 8:31 pm
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.
- Hidden Malware Strikes Again: Mu-Plugins Under Attack, by Puja Srivastava on March 28, 2025 at 11:35 pm
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making them less noticeable and easier for users to ignore during routine security checks. What was discovered: two different cases of malware emerged in the mu-plugins directory, both utilizing different methods to compromise WordPress sites. Fake Update Redirect Malware: detected in the file wp-content/mu-plugins/redirect.php, this malware redirected site visitors to an external malicious website.
- Quick Guide to Magento Security Patches, by Kyle Knight on March 28, 2025 at 2:11 am
Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations. Given the platform’s widespread use, staying updated with patches is not just recommended–it’s essential for maintaining trust and compliance. In this guide, we’ll explain what Magento security patches are and why they matter, the difference between a hotfix and an individual patch, how to install patches step-by-step, and how to keep yourself informed about new security updates from Adobe.
- Fake Cloudflare Verification Results in LummaStealer Trojan Infections, by Ben Martin on March 19, 2025 at 11:01 pm
Today’s blog post will be a follow-up to a previous article we posted a few weeks ago: We continue to see new variants of this malware campaign emerge. WordPress websites continue to be used as staging grounds to trick website visitors into running malicious PowerShell commands on their Windows computers in order to infect their machines with LummaStealer trojan malware. To quote our friends at Malwarebytes: “LummaStealer also known as LummaC2 is a type of malicious software (often classified as an information stealer or infostealer) designed to surreptitiously collect sensitive data such as login credentials, browser cookies, cryptocurrency wallet information, and other valuable personal or system details.
- Credit Card Skimmer and Backdoor on WordPress E-commerce Site, by Puja Srivastava on March 14, 2025 at 10:12 pm
The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files and unexpected behavior on their WordPress site. Upon deeper analysis, we discovered a complicated infection involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a malicious script all working together as part of a coordinated attack. What Did We See? The customer initially contacted us after noticing unknown files on their server and experiencing intermittent issues with their checkout process.
- Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign, by Puja Srivastava on March 6, 2025 at 9:35 pm
During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted third-party domains, ultimately harming the site’s reputation and potentially exposing users to further malicious activity. What was discovered? A customer reached out to us, reporting that their website was unexpectedly redirecting visitors to malicious third-party sites. These unwanted redirections were not only frustrating for users but were also damaging the website’s reputation.
- Vulnerability & Patch Roundup — February 2025, by Sucuri Malware Research Team on March 1, 2025 at 1:39 am
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.