Sucuri Blog: Learn about website security, software vulnerabilities, how to protect WordPress, and malware infections from our team of security researchers.
- Understanding SSRF: Abusing Server Trust from the Inside Out by Kyle Knight on June 11, 2025 at 11:01 pm
In our daily interactions online, trust is a fundamental currency. We trust servers to handle our data, process our requests, and reliably deliver content. But what happens when that trust is abused and turned against the server itself? What if an attacker could trick your server into becoming an unwitting accomplice, abusing its privileged position to launch attacks from within the perceived safety of your own network? This is the core danger of Server-Side Request Forgery (SSRF), a vulnerability that has earned its own spot in the OWASP Top 10.
- Fake WordPress Caching Plugin Used to Steal Admin Credentials by Matt Morrow on June 4, 2025 at 10:33 pm
A common trend we see is that bad actors will upload malicious plugins to WordPress sites. These plugins serve a wide variety of functions from injecting spam to redirecting sites to other malicious content. In this article we will examine a more dangerous method where plugins can be used to steal admin credentials. Identifying the malware: During a routine malware scan we noticed a plugin labeled wp-runtime-cache in the wp-content/plugins directory.
- Vulnerability & Patch Roundup — May 2025 by Sucuri Malware Research Team on May 31, 2025 at 12:57 am
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.
- What Motivates Website Malware Attacks? by Ben Martin on May 28, 2025 at 11:18 pm
The depiction in the media of hackers tends to be that of balaclava-wearing villains who type furiously in a dark basement, motivated by nothing but evil intentions. However, while this may be true in some instances, by and large malware attacks are motivated not by ideology or malice but by material interests. In writing this post I couldn’t help but think of the self-parody TV series CSI: Cyber, specifically the episode where the basement-dwelling, greasy-haired, evil hacker hacks a roller coaster ride, killing everyone on board, simply because he is a bad evil guy who wants to do bad evil things to unsuspecting good people.
- Fake Java Update Popup Found in Malicious WordPress Plugin by Puja Srivastava on May 27, 2025 at 11:36 pm
We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is a common tactic used by attackers to compromise website visitors. Our investigation revealed a malicious plugin operating stealthily within their WordPress environment. What Did We Find? A plugin installed in the /wp-content/plugins/contact-form/ directory posed as “Yoast SEO”, complete with fake metadata to mislead site owners. However, it served a completely different purpose.
- Fake Google Meet Page Tricks Users into Running PowerShell Malware by Puja Srivastava on May 23, 2025 at 10:33 pm
Last month, a customer reached out to us after noticing suspicious URLs on their WordPress site. Visitors reported being prompted to perform unusual actions. We began our investigation, scanning the site for common malware indicators and looking for signs of obfuscated JavaScript or injected iframes. What we found, however, was more subtle and potentially more dangerous. We have seen similar infections previously where the attacker would ask the users to run PowerShell commands on their system.
- Another Fake Cloudflare Verification Targets WordPress Sites by Kayleigh Martin on May 21, 2025 at 9:48 pm
A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks victims into following various commands and downloading malware. This style of malware is not new – our researcher Ben Martin wrote about a similar campaign targeting WordPress sites back in March. The difference between this new infection and previous ones is where the malware is located – spread out among multiple themes and fake plugins.
- 90 Days to Shine: Why Sucuri’s SSL Certificates Are Living the Short Life (and Why That’s Awesome) by Marc Kranat on May 16, 2025 at 8:15 pm
Picture this: your SSL certificate is like a carton of milk in your fridge. Sure, it’s good for a while, but let it sit too long, and you’re inviting a sour situation. At Sucuri, we’ve decided our certificates deserve a fresher approach—90 days fresh, to be exact. That’s right, we’re now renewing our SSL certificates every three months, and we’re here to tell you why this is the cybersecurity equivalent of a daily kale smoothie: good for you, great for security, and honestly, pretty trendy.
- Understanding CSRF: Cross-site Request Forgery Explained by Kyle Knight on May 15, 2025 at 12:52 am
Cross-Site Request Forgery, often called CSRF (or its other nicknames, Session Riding and XSRF), is a tricky type of attack. In short, it lets attackers make users do things on websites without their consent or knowledge. This attack works by misusing the trust a web application puts in a user’s browser once they’re logged in. By duping the browser into sending fake requests (usually through shady emails or misleading links), CSRF allows unauthorized commands to hit a website.
- Vulnerability & Patch Roundup — April 2025 by Sucuri Malware Research Team on April 30, 2025 at 10:56 pm
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.
- MTR For Website Troubleshooting by Justin Daniel on April 29, 2025 at 9:11 pm
Let’s set the scene: You go to visit a website and you get a “connection timed out” error. Is this a browser, internet, firewall, or hosting server issue? How do I know who to contact to get the issue resolved? Should I use ping, traceroute, or an MTR to get to the bottom of the issue? Let me explain why an MTR can be a great tool to get answers on a connection timeout issue.