A selection of articles we liked, a few articles we wrote ourselves, and some news from close to home.
Since launching our website performance testing tool, we have been getting a lot of questions about how to improve the speed and performance of WordPress websites. Many website owners are not aware of how slow their sites are, so we are excited to help shed some light on the matter. There are a number of different resources available to help you dive into the world of performance optimization. In this article, I want to create a proper foundation for any website owner to start thinking about performance optimization. Continue reading WordPress Performance Optimization Guide at Sucuri Blog.
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site. We disclosed the vulnerability to the WordPress Security Team, who handled it extremely well. Continue reading Content Injection Vulnerability in WordPress at Sucuri Blog.
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources. One of the techniques they use is to add fake extensions that perform various malicious activities. In this note, we will give more details on an emerging malware campaign where attackers use a bogus WordPress plugin to trigger malicious redirects. Continue reading Fake bb_press Plugin Redirects to Mobile Pornography at Sucuri Blog.