• Home
  • /Archive by category ' Security Tips '

Archive For: Security Tips

Easy Guide to Saving HAR Files and Console Logs for Troubleshooting

When something goes wrong with a website – whether it is a broken design, slow performance, shows an error message or something else, it is sometimes difficult to find the exact cause of the issue just by looking at the page. That’s where the HAR files or browser console errors come into play. These in-built... Read More
 

Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress

Recently, we’ve encountered cases where WordPress websites were impacted by  Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad views for their adsense accounts. This is not the first time we’ve seen attackers abusing popular Google services. In a previous case, we discovered a credit card skimmer hiding inside... Read More
 

Fake Font Domain Used to Skim Credit Card Data

Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card data had become compromised shortly after purchasing products on our client’s website. When investigating the site, two suspicious symptoms appeared: A strange credit card form, and an unfamiliar domain, which... Read More
 

Understanding FTP and SFTP: A Guide to Secure File Transfers

Updating your website means getting files to your server, but the process can feel like a chore when simply navigating in a conventional hosting panel. FTP and SFTP are essential tools for managing files on your server. Whether you’re uploading website content or downloading backups, these protocols offer a straightforward method to handle your site’s... Read More
 

Vulnerability & Patch Roundup — March 2025

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this... Read More
 

Hidden Malware Strikes Again: Mu-Plugins Under Attack

At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making... Read More
 

Quick Guide to Magento Security Patches

Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations. Given the platform’s widespread use, staying updated... Read More
 

Fake Cloudflare Verification Results in LummaStealer Trojan Infections

Today’s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of this malware campaign emerge. WordPress websites continue to be used as staging grounds to trick website visitors into running malicious powershell commands on their Windows computers in order to infect... Read More
 

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files and unexpected behavior on their WordPress site. Upon deeper analysis, we discovered a complicated infection involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a malicious... Read More
 
Tap To Call