A hacker group tried to hijack 900,000 WordPress sites over the last week

A hacker group has attempted to hijack nearly one million WordPress sites in the last seven, according to a security alert issued today by cyber-security firm Wordfence.

The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has tracking.

“While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s…


More Info

Find My Blocks Plugin Shows All Blocks in Use on a WordPress Site – WordPress Tavern

How do you know what blocks are in use on a WordPress site? I recently saw a tweet asking this question in regards to knowing whether it is safe to turn off a plugin. This seems like it could become a common question, especially for those who have hundreds or thousands of blog posts as well as those using WordPress as a CMS.


More Info

Researchers Discover Multiple WordPress Security Exploits In Popular E-Learning Platforms

As the coronavirus pandemic continues around the world, everyone’s lives have changed. The way we work and learn is significantly different now than it was only a few months ago as people shelter in place, and offices and schools around the globe have been forced to move to a distance model. Teaching from home has forced educational institutions everywhere to quickly move to online learning and to implement new systems to support the shift. Security researchers at Check Point Research decided to audit the security of several of the most popular Learning Management Systems (LMS) that are…


More Info

WordPress Vulnerability Update – Search Engine Journal

WordPress announced an update that fixes seventeen bug fixes and seven vulnerabilities. WordPress is automatically updating sites to WordPress 5.4.1.

It is important to check that your WordPress installation is updated to version WordPress 5.4.1.

Cross-site Scripting Vulnerabilities

WordPress patched it’s software to address multiple Cross-site scripting (XSS) vulnerabilities. There are two kinds, XSS and Authenticated XSS.

A cross-site scripting (XSS) vulnerability allows an attacker to inject a malicious script on a vulnerable web page.

An authenticated cross-site scripting (Authenticated…


More Info

Ninja Forms WordPress plugin patch prevents takeover of 1M sites

The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin.

The vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS) attacks and it affects all Ninja Forms versions up to 3.4.24.2.

Attackers can exploit this Ninja Forms bug by tricking WordPress admins into clicking specially crafted links that inject malicious JavaScript code as part of a…


More Info

Ninja Forms WordPress Plugin Vulnerability

Popular WordPress Forms plugin Ninja Form recently updated their plugin to patch a severe vulnerability. The vulnerability is rated a high severity because it could allow an attacker to steal admin level access and take over the entire website.

Cross-Site Request Forgery Vulnerability

The exploit that is causing this is called Cross-Site Request Forgery. This kind of vulnerability exploits a lack of a normal security check which then allows an attacker to upload or replace files and even gain administrative access.

This is how the Common Weakness Enumeration site, describes this kind of…


More Info

Best WordPress Security Checklist [Ultimate Guide]

There are a good number of reasons to be worried about the security of your website. Reports tell us that more than 90,000 hack attempts are made on WordPress websites every minute. We will show you a WordPress security checklist, that you should follow.

Many website owners may think that their website is too small for hackers to target. But the truth is hackers prefer targeting small websites because they are lenient about their security.

The bottom line is that every website – big or small – should take security measures.

There are many security practices that you can implement on your…


More Info

eSign Genie Software Company Introduces WordPress Plugin for WPForms for Easy Website Esignature Integration

eSign Genie Rolls Out WordPress Plugin for its Digital Signature Software

CUPERTINO, Calif., April 30, 2020 /PRNewswire/ — eSign Genie is excited to announce the WordPress Plugin roll out for WPForms users so that users that have created websites using WordPress can integrate esignature functionality easily using the plugin. This feature improves productivity as well as saves time in having documents esigned using eSign Genie software.

“As one of the leading esignature software market leaders, eSign Genie wants to make it pain-free to provide legally binding digital signatures for the…


More Info

eSign Genie Software Company Introduces WordPress Plugin for WPForms for Easy Website Esignature Integration

CUPERTINO, Calif., April 30, 2020 /PRNewswire/ — eSign Genie is excited to announce the WordPress Plugin roll out for WPForms users so that users that have created websites using WordPress can integrate esignature functionality easily using the plugin. This feature improves productivity as well as saves time in having documents esigned using eSign Genie software.

“As one of the leading esignature software market leaders, eSign Genie wants to make it pain-free to provide legally binding digital signatures for the WordPress community,” said CEO Mahender Bist. “Also, eSign Genie is…


More Info

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating – Threatpost

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.

Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more.

The vulnerable plugins have been installed on more than 130,000 school websites — including ones used the University of Florida, University of…


More Info