Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings. “What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt.”

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover. “Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin. Traced as CVE-2021-24284, the vuln targets Kaswara Modern WPBakery Page Builder Addons and, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.”

WordPress: 7 Best Security Plugins to Protect Your WordPress Site

WordPress: 7 Best Security Plugins to Protect Your WordPress Site. “If your website is running on WordPress and you haven’t invested in a robust security plugin, your site could be next on the hit list. Thankfully, there are a number of reliable and highly adaptable plugins available for WordPress sites (you can browse a few of the options available at Envato) but how do you know which one is right for your business?”

WP Tavern: rtCamp Launches WordPress Plugin Compare Project

WP Tavern: rtCamp Launches WordPress Plugin Compare Project. “The team behind rtCamp, a 125-person agency and a WordPress VIP Gold agency partner, has launched a new tool called WordPress Plugin Compare Project (WPPC) to help users extend WordPress with the right plugins for their needs. WPPC lets users search for plugins to compare and customize each selection displayed on [a] chart.”

The Hacker News: YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

The Hacker News: YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites. “As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.”

Ars Technica: Researchers find backdoor lurking in WordPress plugin used by schools

Ars Technica: Researchers find backdoor lurking in WordPress plugin used by schools. “The premium version of School Management, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service JetPack said in a blog post without ruling out that it had been present in earlier versions. This page from a third-party site shows that version 8.9 was released last August.”

Search Engine Journal: How to Block Scrapers, Hackers and Spammers with Wordfence

Search Engine Journal: How to Block Scrapers, Hackers and Spammers with Wordfence. “Wordfence is a popular WordPress security plugin. Among the features are a scanner that monitors for hacked files and a firewall with regularly updated rules that proactively blocks malicious bots. There’s also a useful feature tucked away in the tool that makes user-configurable firewall rules available that can supercharge your ability to block hackers, scrapers and spammers.” These are powerful techniques that look like they could go powerfully wrong, so proceed with caution.

MakeUseOf: The Top 7 Plugins for Cloning a WordPress Website

MakeUseOf: The Top 7 Plugins for Cloning a WordPress Website. “Cloning your WordPress website is a useful way of backing up your files or transferring your site to a staging or live environment. You can do this the manual way if you’re comfortable working on the backend of websites. But an alternative approach is to use a WordPress plugin. A plugin is the easier method, and in this article, we’ll take a quick look at seven of the best.”

The Verge: How WordPress And Tumblr Are Keeping The Internet Weird

The Verge: How WordPress And Tumblr Are Keeping The Internet Weird. “Matt Mullenweg is the CEO of Automattic, the company that owns WordPress.com, which he co-founded, and Tumblr, the irrepressible social network it acquired from the wreckage of AOL, Yahoo, and Verizon. Matt’s point of view is that the world is better off when the web is open and fun, and Automattic builds and acquires products that help that goal along. That bet is perhaps most pronounced with WordPress itself.”

Bleeping Computer: Hundreds of GoDaddy-hosted sites backdoored in a single day

Bleeping Computer: Hundreds of GoDaddy-hosted sites backdoored in a single day. “Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy’s Managed WordPress service, all featuring an identical backdoor payload. The case affects internet service resellers such as MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress.”