Symptoms of a hacked website can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website — all of these events may indicate that your site has been hacked. Fortunately, there are a number of quick (and free) ways you can check and find out if your website has been compromised.
In this post, I’ll be breaking down the WordPress ecosystem along with some security best practices to help you understand whether WordPress is safe and how to protect your site from attacks.
Cross-Site Scripting is a type of vulnerability that allows a malicious actor to inject code, usually JavaScript, into otherwise legitimate websites. The web browser being used by the website user has no way to determine that the code is not a legitimate part of the website, so it displays content or performs actions directed by the malicious code. XSS is a relatively well-known type of vulnerability, partially because some of its uses are visible on an affected website, but there are also “invisible” uses that can be much more detrimental to website owners and their visitors.
In this post, we’ll be going over why outdated PHP versions can lead to an increase in vulnerabilities with your website and how you can minimize these risks to protect your site and your visitors.
Follow these 10 WordPress security tips to keep your site from falling ill from malware this winter season.
A Content Security Policy (CSP) is a policy that uses headers or meta elements to restrict or greenlight what content loads onto your website. It is a widely-supported security standard recommended to anyone who operates a website.
As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close to heart.
We have created this helpful guide for designers who’re looking to fix a hacked WordPress website. Remember to keep this guide handy, you never know when you might just need it. Let’s get started.
The Wordfence Live team covered “The Hacker Motive: What Attackers Are Doing with Your Hacked Site”. This companion blog post reviews the motives discussed live during Wordfence Live and dives deeper into the minds of attackers.
To support a safer internet for everyone, we’ve compiled this website security glossary. Based on our research, this is today’s most relevant terminology in website security.