Astra Web Security Blog - Website & CMS Security News

astra, web, security, blog, website, cms, security, news

How to clean & fix WordPress eval (base64_decode) hack

Among the major CMSs used extensively by businesses worldwide, WordPress is notorious for being the most targeted by hackers, who constantly search for ways to circumvent security patches and precautions taken by users. A majority of websites run on Wordpress, rendering it an excellent hackable target for malpractices and data theft. One such hack witnessed by Wordpress users lately is…

Vigra & Cialis spam results

WordPress and Drupal are probably the most popular CMS used. Besides that, their popularity makes them good targets for SEO spammers. Multiple vulnerabilities in Drupal have been uncovered in the past few weeks. As a result  SEO spammers target websites on these platforms. This is a Black Hat SEO technique also dubbed as 'WordPress Pharma hack or SEO Spam'. This…

In its quest to provide a safe online experience to its users, Google often identifies and flags fraudulent seeming domain and blacklists websites it discovers as potentially malicious. When a domain is blacklisted by Google, it deters users from visiting it, informs the site owner and stops malicious activities at its roots. Domain gets blacklisted when search engines like Google, Bing, Norton…

How to remove the Backdoor: PHP/apiword malware from your WordPress website

Lately, Wordpress witnessed a perilous situation when it discovered a malicious code added to the top of the functions.php file, exploiting which the malware creator can unleash pretty much any damage he'd like. The injected code comes from the apiword malware which not only creates modifications in post.php and functions.php, but also creates a file containing a backdoor: /wp-includes/class.wp.php The presence of the functions.php file is…

For as long as we can remember, the cyber defense has been an important issue in the digital age. It’s not that there’s a shortage of security solutions that help businesses and consumers fend off today’s threats. Hackers are just getting smarter and craftier in exploiting software vulnerabilities. The bad news is, security companies seem to be at a disadvantage…

Is your website an important marketing platform for your business? Do you like it as an elite commercial? The WordPress WooCommerce security vulnerability is a sensitive issue that is important to take into account? It is said that the majority of these systems are vulnerable to the attacks of the first apprentice hacker. Yet they can also protect themselves very well. The WooCommerce…

With each passing day, cases of WordPress infection that redirects visitors to suspicious pages is getting common.  Recently, a vulnerability was discovered in tagDiv Themes and Ultimate Member Plugins. In this WordPress redirect hack visitors to your website are redirected to phishing or malicious pages. In this hack, users, when redirected, are taken to irritating pages with arbitrary URL hxxp utroro.com/xyz  or  hxxp://murieh.abc/xyz…

Drupal Malware: How to Fix Drupal Kitty Cryptomining Malware

Drupal, deemed as one of the most secure CMS around the world has been in news lately for notorious reasons. A malware going by the named "Kitty" has infected Drupal sites making it highly susceptible to mining crypto mining attacks. The malicious script exploits the very well known critical remote-code execution vulnerability in Drupal “Drupalgeddon 2.0”, The Kitty Drupal Malware infects vulnerable…

WordPress File or  Folder Permissions- Something that is easily forgotten When we talk about securing our WordPress account, we tend to discuss security plugins and extensions mostly which, no doubt is an important aspect of it. But, ignoring file permissions altogether can prove to be immensely dangerous for your WordPress website. To begin with, let us know what WordPress file…

Close