We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and directs users to participate on a site that has been apparently crafted especially for this “event”.
After an initial investigation, it became clear that something was not right with the site. Several security vendors blacklisted it as a phishing site–although fishy, none of the classic phishing characteristics were present.
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles.
The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed to do.
How WordPress Sets Role Capabilities
First, let’s take a look at how WordPress manages the capabilities of the roles and what they are allowed to do, such as:
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing?
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information like login information or other personal identification information (PII), which is any data that could potentially identify a specific individual, such as:
credit card details,
SSN (Social Security Number),
bank account information,
secret question answers
Even partial information can increase the chances of success to subsequent social engineering attacks.
As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made available to everyone.
Moving forward, there’s no reason to expect data availability to slow down. In fact, insideBIGDATA claims:
There are many sources that predict exponential data growth toward 2020 and beyond. Yet they are all in broad agreement that the size of the digital universe will double every two years at least, a 50-fold growth from 2010 to 2020.
Every year we see an increase in website attacks during the holidays.
While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones.
Main Cyber Monday Threats
One of the major risks to consumers is phishing campaigns.
Carefully crafted phishing login pages convince users they are logging into a valid service.
Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires).
In the previous articles written about PCI, we covered the following:
Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API.
For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where most non-human access is blocked.
API to Boost Firewall Protection
The Firewall API is mostly used for whitelisting and clearing the website cache.
Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMS’s highly extensible architectures, rich plugins, and effective modules have reduced the need to spend years learning web development before starting to build a website.
The ease of launching an online business or personal website is great.
Recent statistics show that over 32% of website administrators across the web use WordPress.
Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malicious malware or spam campaigns, harming your website’s reputation and visitors in the process.
Knowledge is power, and we’re here to help! We’ve created a new WordPress Security Email Course to help improve your website’s security posture and reduce the risk of a security incident.
In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri:
Protecting your website from compromises.
Monitoring for issues so you can react quickly.
Having a documented emergency response plan.
Marketers should champion these initiatives so they can be prioritized by their business development team.
Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.
Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.
Source: The T-Shaped Web Marketer by Rand Fishkin
It makes sense for marketers to want to secure their websites.