Questions tagged [wordpress]
WordPress is an open source content management system running on PHP and MySQL, and often used as a blog engine. Specific WordPress questions are best asked at https://wordpress.stackexchange.com
302 questions
1 vote, 2 answers, 113 views
Advisable to Fail2Ban IPs that hit decoy endpoints redirected to 404 for WordPress hardening?
I'm running a WordPress instance for a dropshipping site and have implemented some of the common security practices. One of these involves redirecting access attempts to known attack surfaces (e.g., /...
2 votes, 2 answers, 290 views
Decrypting hacked WordPress files
My friend asked me why his website seems weird on Google and why meta title seems to be “トリプルフローアイロン”.
After checking request logs on his hosting panel and checking files on FTP, it’s clear that the ...
1 vote, 0 answers, 362 views
Massive Increase in Phony Access Attempts from Microsoft IPs – What Kind of Attack Is This? [duplicate]
Over the past few weeks, I've observed a massive spike in suspicious traffic from IP addresses belonging to Microsoft servers in Ireland. These accesses are blocked due to attempts to reach specific, ...
2 votes, 0 answers, 96 views
WordPress website URL redirection [closed]
I work at a local company and we are having trouble fixing some issues with regards to WordPress. More specifically, we are getting problems when users click on the Google Review widget's link when ...
1 vote, 0 answers, 239 views
WordPress Site Hacked to redirect stripe.js offsite for credit card skimming - Can't Find The Source
We are experiencing an issue on our WordPress site running WooCommerce, for the second time this year where a hacker is injecting some kind of script that is redirecting the stripe.js code from its ...
5 votes, 1 answer, 1k views
How can a vulnerable function be exploited by a non-logged user if it is only called in the WP admin section of a plugin?
I manage many WordPress websites and often encounter vulnerabilities related to WordPress plugins. However, I always wonder how these vulnerabilities can be exploited. I am not looking to exploit them ...
1 vote, 1 answer, 3k views
Is there a PoC for Yoast SEO < 22.6 - Reflected Cross-Site Scripting (CVE-2024-4041)
I recently reported a Reflected Cross-Site Scripting (XSS) on a WordPress site which was running Yoast SEO 22.4, which is vulnerable to Reflected XSS. See CVE-2024-4041
However, the company is demanding ...
0 votes, 1 answer, 521 views
How do I unblock a request URI in ModSecurity CRS?
I have installed an Nginx WAF with ModSecurity CRS. This WAF protects a backend WordPress.
One request from one of the plugins generated a false positive on ModSecurity with the rule id 933120.
I ...
2 votes, 2 answers, 365 views
Can I set session time to 10 days without risking security issues?
We have a WordPress form that collects data on what marketing source (UTM) the user came from and upon submission, sends that UTM data to a 3rd party. Recently, a client asked me to have a web session ...
2 votes, 0 answers, 578 views
WordPress site hacked [closed]
We got hacked.
Our setup:
DigitalOcean VPS, Apache, multiple domains & WP websites, Elementor Pro, hopefully safe plugins.
Known facts:
It's phishing.
The virus infects all the websites on our ...
4 votes, 1 answer, 406 views
Suspicious indexing of non-existent pages
Just recently, the Google search engine started indexing my site with a crazy number of requests. When I logged into the console, 600,000 pages were indexed, and 919,000 more were not indexed. For ...
0 votes, 1 answer, 107 views
Can Caching cause my WAF logged events to drop?
I've been using NinjaFirewall on WordPress websites for a while.
I recently installed a new caching plugin on my main website and I noticed the firewall log which usually has around 5000 blocked ...
0 votes, 2 answers, 329 views
What is this bot/person trying to do with my contact form:
I have a small WordPress website using Contact Form 7.
I received messages that look like an attempt to hack my website:
From: <div style="background-color:#4169E1; margin:auto;
max-width:...
0 votes, 1 answer, 2k views
How to display first party website to third party website | inside the Iframe
I have www.example.com a WordPress website and www.official.com this third-party website, I want to invoke <iframe src="www.example.com"></iframe> in www.official.com
Here my ...
0 votes, 2 answers, 292 views
Someone attempted to hack our WordPress website
I found a file in the public folder of our website.
Then I searched to find out how this file was uploaded.
I finally found that it was uploaded via FTP.
We have determined the IP and address to which ...