Popular Posts
-
Elegant Themes has been developing WordPress themes for a long time. It has developed lots of popular themes including Divi, Nexus, Fa...
-
How to start a blog or website in 5 minutes with WordPress. After publishing the post on how I started blogging full-time, I'v...
-
Hello there! My blog post 'Spikes' was published on Sept. 22nd; however, the post before it called 'Flow' was published on...
-
Hot Off the Press Jenny Diski on Writing, Love, and Cancer Photo by heipei Mark Armstrong Jun 17, 2015 @ 2:07 ...
-
Hello, last year i transferred my wordpress.com blog over to a self host bluehost which i pay a certain amount of money for each year. I a...
-
It has not only changed the traditional perspective of buyers and sellers, but also revolutionized the entire concept of retail busine...
-
Chukwuemeka Fred Agbata Jnr. Two weeks ago, I started a piece focusing on mobile apps that can aid your productivity. I already wrote ...
-
Content marketing and SEO has evolved quite a bit over the past few years. Google re...
-
What is the exact URL of the site you deleted? If you are referring to a site that was hosted by wordpress.COM, the relevant wordpress.C...
-
Google has some big plans when it comes to making the web faster on your mobile phone. The company just added AMP-enabled pages in its mobil...
Monday, February 15, 2016
Have you fixed your WordPress site yet?
By Stu Sjouwerman, CEO KnowBe4 Patch server operating systems. Make sure you have all the latest updates. Patch WordPress. Get rid of as many WP plugins as possible and patch the current ones. Update all your WP instances at the same time to prevent cross-infections. Lock down all WP instances with a very strong password and the WP 2-factor authentication. Keep servers and workstations updated at all times. Backup your data and keep daily off-site backups. Regularly TEST, TEST, TEST to make sure your restore functions actually work. The latter is often overlooked. Provide end-users with the 64-bit version of Google Chrome if possible. Run the latest V5.5 of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) on workstations. Step all users through effective security awareness training as this keeps your users thinking about security and helps them play their part in keeping everyone safe online. 
Stu Sjouwerman (pronounced "shower-man") is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2 013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.Related Keywords:Wordpress Malware
Source: Have you fixed your WordPress site yet?
Antivirus is not catching it yet making this a very dangerous situation. Word Press sites have been repeatedly hacked throughout 2014 and 2015. Looks like 2016 will be no different. So far, no one has figured out exactly how the sites are getting compromised.
Researchers from Malwarebytes and other security firms have reported that a massive number of legit WordPress sites are silently redirecting visitors to sites with the Nuclear Exploit Kit. "WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads," Malwarebytes Senior Security Researcher Jérôme Segura wrote in a recent Malwarebytes blog post. "This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit."The compromised WordPress sites included encrypted code at the end of all legitimate JavaScript files. The attack tries to conceal itself and the code redirects end-users through a series of sites before dropping the ransomware payload. Once a WP server is infected, the malware also installs a variety of backdoors.
The malware tries to infect all accessible .js files.
What to do if you are running WordPress:
Protecting a network and your users:
Stu Sjouwerman (pronounced "shower-man") is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2 013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.Related Keywords:Wordpress MalwareSource:Digital Media Online. All Rights Reserved
Source: Have you fixed your WordPress site yet?
Subscribe to:
Post Comments
(Atom)
0 comments:
Post a Comment