Moving your site to a new host can seem daunting, but it’s often necessary. Hosting provides the critical infrastructure needed to make your website available for users all across the world. It’s important that you choose one that’s reliable, secure, and high-quality.
But how do you know if you need a new hosting provider and how do you easily and safely move your site?
Continue reading → The Complete Guide to Migrating Your WordPress Site
During an audit of the Motor theme (full name “Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store” by Stockware) for WordPress, we found a number of rather severe vulnerabilities.
These vulnerabilities would allow an unauthenticated attacker complete read access to files on the file system of the site host, and would also allow them to run any PHP scripts found in the file system. We did not identify any upload vulnerabilities in the Motor theme, but paired with other vulnerable plugins this could allow for a complete takeover of the vulnerable site.
We disclosed these vulnerabilities to the theme store who then contacted the theme vendor with our findings. A fixed version of the theme was released as version 3.1 on June 3, 2021. We encourage everybody using this theme to upgrade to the latest version immediately!
Continue reading → Vulnerabilities Found in Motor WordPress Theme < 3.1
Back on April 20th, 2021, our friends at WPScan reported a severe vulnerability on Kaswara Modern VC Addons, also known as Kaswara Modern WPBakery Page Builder Addons. It is not available anymore at Codecanyon/Envato, meaning that if you have this running, you must choose an alternative.
This vulnerability allows unauthenticated users to upload arbitrary files to the plugin’s icon directory (./wp-content/uploads/kaswara/icons). This is the first Indicator Of Compromise (IOC) our friends at WPScan shared with us in their report.
The ability to upload arbitrary files to a website gives the bad actor full control over the site, which makes it hard to define the final payload of this infection; thus, we’ll show you everything we found so far (we got a little carried away on the research, so feel free to jump to the IOC section if you don’t want to read through).
Continue reading → Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild
At Jetpack, we are continuously working to develop a better product for you and your website. This month, we bring the popular Story Block to the web editor, a feature previously exclusive to mobile. This release also includes a fix for a security vulnerability for the Carousel feature.
We consequently encourage you to update all sites that you administer as soon as possible.
Continue reading → Jetpack 9.8: Engage your audience with WordPress Stories
WordPress is the most popular CMS for a variety of reasons — it’s easy to use, flexible, powerful, and well-supported — but that popularity also makes it a target for hackers and malware. Thankfully, there’s a lot you can do to easily protect your website.
Here are eight types of WordPress security plugins that will substantially reduce your risk:
Continue reading → WordPress Security Plugins You Shouldn’t Go Without
At Jetpack, dealing with different types of web threats and attacks is part of our routine. Most of the time, it ranges from collecting a malicious file and finding the attack vector, to providing assistance on restoring a website from the latest backup. But sometimes we enter a different dimension of really creative attacks, a dimension of inexplicable reinfections — we enter … the twilight zone.
Okay, I’m probably being over-dramatic, but bear with me as I set the scene for this mystery tale. Ready? Please join me on this trip to the realm of ghosts, spam, and search engines.
Continue reading → Fighting Spam from the Twilight Zone
If you run a blog, then you may have chosen to allow comments on your website. This can be a good move for certain sites because it promotes engagement, encourages feedback, and helps you establish authority.
But hackers and bots often leave spam comments in order to link visitors back to their own websites. Their goal? Higher site rankings and an increase in traffic — for the spammers, of course.
Racking up lots of comments seems like a positive, but too much spam can decrease search engine rankings, expose your visitors to viruses and scams, and make it look like you don’t care for your website. And this is, well, bad for business.
The thing with comment spam is that not all of it is created equal. Most of the time, it looks shady. But, sometimes, it actually looks legitimate. So how do you spot it on your blog?
Continue reading → How to Recognize Comment Spam and Give it the Boot
Whether you’re launching a business site, an online store, or a hobby blog, WordPress offers flexibility, ease of use, and advanced functionality that will help make it a smashing success.
But before you’re ready to go live, spend a few minutes thinking about security. Protect your site as much as possible to keep it safe from hackers and accessible to fans and customers at all times.
Continue reading → WordPress Security for Beginners
This month, we’re shipping several under-the-hood improvements and bug fixes to make Jetpack work even better for you and your website. Here are the highlights:
Continue reading → Jetpack 9.7: Behind-the-scenes improvements for your site
WordPress comment spam seems inevitable. No matter what type of website you’re running, if you allow visitors to comment on your posts, you’ll find spam. The more popular your content is, the more you’ll get. These unwanted contributions interrupt the flow of the dialog in your comments section, annoy you and your community, reduce your site’s credibility, and decrease traffic. But why, exactly, do people leave spam comments and what can you do about them?
Continue reading → Why Spam Comments Exist (and How to Stop Them)
