WPShout: How to Audit User Behavior with a WordPress Activity Log

WPShout: How to Audit User Behavior with a WordPress Activity Log

WPShout: In the Quick Guide we’ll use WP Security Audit Log to keep an activity log of what’s happening on our WordPress site. Activity logs are a chronological list of records of what logged in users did on your WordPress sites and multisite networks. A WordPress activity log a vital part of site security and management because in them, you can find a user log full of information about user logins—from where they logged in and when, what content they have created, published, modified and deleted, what user profile and WordPress settings changes other administrators have done, and much more.

Ripstech: WordPress Design Flaw Leads to WooCommerce RCE

Ripstech: WordPress Design Flaw Leads to WooCommerce RCE

WordPress Unlink to RCE A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account.

Wordfence: Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild

Wordfence: Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild

After its removal from the WordPress plugin repository yesterday, the popular plugin WP GDPR Compliance released version 1.4.3, an update which patched multiple critical vulnerabilities. At the time of this writing, the plugin has been reinstated in the WordPress repository and has over 100,000 active installs. The reported vulnerabilities allow unauthenticated attackers to achieve privilege escalation, allowing them to further infect vulnerable sites. Any sites making use of this plugin should make it an immediate priority to update to the latest version, or deactivate and remove it if updates are not possible.

Kinsta: Is WordPress Secure? Here’s What the Data Says

Kinsta: Is WordPress Secure? Here’s What the Data Says

WordPress is, by far, the most popular way to build a website. That popularity has the unfortunate side effect of also making WordPress sites a juicy target for malicious actors all across the world. And that might have you wondering whether WordPress is secure enough to handle those attacks. First – some bad news: Every year, hundreds of thousands of WordPress sites get hacked. Sounds grim, right? Well…not really, because there’s also good news:

Wordfence: Three Incident Response Preparations You Should Be Making

Wordfence: Three Incident Response Preparations You Should Be Making

Wordfence: In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time spent implementing them is nominal compared to the time that would be spent responding in the aftermath of a successful attack.

Join the Network