Sucuri Blog: Learn about website security, software vulnerabilities, how to protect WordPress, and malware infections from our team of security researchers.
- WordPress ClickFix Malware Causes Google Warnings and Infected Computers by Ben Martin on February 21, 2025 at 8:17 pm
Since December of last year there has been a new fake Google reCAPTCHA campaign making its way through the WordPress world. Very similar to malware which we wrote about last summer, the website malware injection attempts to trick unsuspecting victims into executing malicious PowerShell commands within Windows OS environments with the end goal of infecting their computers. The malware disguises itself as a fake Google reCAPTCHA which lodges itself into the home page of the infected website. Since most surfers of the web have probably lost count years ago of the number of times they’ve had to click on all the fire hydrants, motorcycles, or traffic lights to prove they’re not a bot, most people probably wouldn’t think twice about clicking through this prompt.
- When Spam Hides In Plain Sight by Matt Morrow on February 19, 2025 at 9:52 pm
We recently worked on an interesting case where casino spam was visible in the page source, but couldn’t be located in any of the usual database rows or site files. SiteCheck flagged this as well. Casino and gambling spam is one of the most common types of spam attackers use. They are hoping that victims will submit personal information and credit card data on those pages. When search engines crawl infected sites, the spam pages will be indexed, leading to malicious gambling pages appearing in search results that visitors may be tempted to click.
- Hidden Backdoors Uncovered in WordPress Malware Investigation by Puja Srivastava on February 14, 2025 at 9:26 pm
At Sucuri, we often encounter cases where malware is deeply embedded in websites, hidden in files and scripts that can easily escape detection. In this article, we’ll walk you through a real-life incident where a customer contacted us about unusual behavior on their WordPress website. After a detailed investigation, we uncovered multiple backdoors allowing attackers to execute malicious code remotely. What was discovered? During our scan, we found a suspicious file located in /wp-content/mu-plugins/index.php.
- Magento Credit Card Stealer Disguised in an <img> Tag by Kayleigh Martin on February 12, 2025 at 10:06 pm
Recently, we had a client come to us concerned that their website was infected with credit card stealing malware, often referred to as MageCart. Their website was running on Magento, a popular eCommerce content management system that skilled attackers often target to steal as many credit card numbers as possible. The goal of attackers who are targeting platforms like Magento, WooCommerce, PrestaShop and others is to remain undetected as long as possible, and the malware they inject into sites is often more complex than the more commonly found pieces of malware impacting other sites.
- Google Tag Manager Skimmer Steals Credit Card Info From Magento Site by Puja Srivastava on February 6, 2025 at 10:25 pm
At Sucuri, we are committed to protecting websites from malware and other cyber threats. Recently, we were contacted by a customer who had experienced credit card data theft from their Magento-based eCommerce website. After an extensive investigation, we were able to trace the malware responsible for what was happening back to the Google Tag Manager script and assist in restoring the site’s security. We have detailed a previous similar infection here: Malicious Activities with Google Tag Manager.
- Vulnerability & Patch Roundup — January 2025 by Sucuri Malware Research Team on January 31, 2025 at 10:57 pm
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.
- Sucuri WAF Now Supports HTTP/3: A Faster and More Secure Web Experience by Kyle Knight on January 28, 2025 at 8:39 pm
We’re excited to announce that the Sucuri Web Application Firewall (WAF) now supports HTTP/3, the latest version of the HTTP protocol. This upgrade brings significant performance improvements and enhanced security features to all websites protected by our WAF. The best part? It works automatically – if your visitor’s browser supports HTTP/3, they’ll immediately benefit from these improvements. What is HTTP/3? HTTP/3 represents the next evolution in web communication protocols, building upon the foundations laid by HTTP/2 while addressing its key limitations.
- Malware Redirects WordPress Traffic to Harmful Sites by Puja Srivastava on January 24, 2025 at 12:51 am
Recently, a customer approached us after noticing their website was redirecting visitors to a suspicious URL. They suspected their site had been compromised and sought assistance in identifying and resolving the issue. This prompted a deeper investigation into the infection and its behavior. What did we see? The website’s redirects were leading to hxxps://cdn1[.]massearchtraffic[.]top/sockets.
- Backdoors: The Hidden Threat Lurking in Your Website by Kyle Knight on January 17, 2025 at 8:56 pm
Website backdoors are a silent yet deadly threat to website security. These stealthy mechanisms bypass standard authentication, providing attackers with persistent, unauthorized access to a website’s backend. Often overlooked, backdoors allow cybercriminals to maintain access long after an initial breach. Understanding the risks they pose and how to mitigate them is essential for website owners who value security, reputation, and operational integrity. The Threat of Website Backdoors Backdoors represent a sophisticated level of intrusion, allowing attackers to maintain control of a system without detection.
- Japanese Spam on a Cleaned WordPress Site: The Hidden Sitemap Problem by Puja Srivastava on January 15, 2025 at 11:14 pm
While investigating a compromised WordPress site, we discovered a malware infection causing Japanese spam links to appear in Google search results. Although the site had been cleaned, Google was still crawling and indexing spammy URLs, which impacted the site’s SEO and credibility. Japanese SEO Spam: A Common Threat Japanese SEO spam is a recurring issue that compromises websites to display spammy content in search engine results. Attackers often inject malicious URLs or sitemaps into a site’s infrastructure to manipulate its search rankings.
- Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection by Puja Srivastava on January 9, 2025 at 9:34 pm
Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware activates specifically on checkout pages, either by hijacking existing payment fields or injecting a fake credit card form. Where was the malware found?