A distributed denial of service is a cyber-attack which aims at deranging the normal functioning of a server by flooding the targeted website with malicious traffic. As a result, the server becomes unavailable to users and your website faces downtime. If defined plainly, distributed denial of service or the DDoS attack is an elaborate and powerful cyberattack designed to disrupt…
WordPress version 4.4 and onwards include REST API infrastructure in the core. What does this mean for your website’s security? How to disable WP API JSON in WordPress? Read on to find out. What is the REST API? REST is short for Representational State Transfer. It is a standard client-server protocol that makes your website available as a web service.…
When shopping for web hosting packages, you will sometimes see providers boasting that their plans support multiple (or even unlimited) domains. This is a feature that is typically offered to upgraded plans; entry-level shared hosting plans usually limit you to one domain per account. For those with multiple websites, this sounds like a good idea; after all, paying $9.99 per…
Security has always been the topmost concern. Most people guard their homes with locks, while others install alarm systems for extra security. Since we shifted our whole lives to the digital world a while ago the need for security online has been louder. Consequently, cybersecurity emerged as a booming business and security experts as highly paid professionals. According to the…
WP maintenance plugin has been found to be vulnerable to CSRF and stored XSS. On November 15th, WordFence reported the vulnerability to WP maintenance plugin's developers. Following which the plugin developers (Florent Malliefaud) urgently patched the vulnerability in just a day. Version 5.0.6 is free of vulnerabilities. We recommend you update your plugin from any previous version to this. About…
Website security is the sum total of all active & passive measures taken to protect your website. It encompasses every security measure from basic security to premium security that you take (or should take) to protect your website from cyberattacks. For instance, setting strong passwords on your website, using a firewall, getting an SSL, ensuring PCI-DSS, etc. all come under…
WordPress sites have yet again become the victim of a widespread redirection malware. A lot of WordPress web owners contacted us worried about their websites redirecting or admin panel throwing an error. While doing the cleanups on these websites, we could draw similarities in their hacking fashion. All these websites happened to have been infected by the same redirection malware.…
The pharma hack is not new. In the past we saw, many popular CMSes being targeted with the pharma malware. But, it was only recently that we saw them redirecting to .su & .eu sites. As we already know, the pharma malware can vary based on its purpose. Some are designed to steal data while others are designed to inject…
There is a lot of buzz online about the popularity of cloud computing. Companies are migrating to the cloud in droves. They are attracted by the convenience, scalability, and cost-effectiveness of the cloud environment. According to the Logic Monitor’s Survey: “The Future of the Cloud Study”, 83% of enterprise workloads will be in the cloud by 2020. Migrating to a…
Astra security engineers often find fake plugins installed on hacked websites. One such recent malware cleanup uncovered a fake plugin of Super Socializer Plugin in WordPress. This fake plugin triggered fake & malicious ads on the website. The plugin goes by the name "Super Socialat", which clearly is a play on the name Super Socializer. We will discuss the details…
