When something goes wrong with a website – whether it is a broken design, slow performance, shows an error message or something else, it is sometimes difficult to find the exact cause of the issue just by looking at the page. That’s where the HAR files or browser…

Read Full Article

Most often bad actors try their best to hide their activities by using obfuscated code or by uploading fake plugins or themes that inject simple but malicious scripts into a site. Every now and then we encounter a case where legitimate software is used for malicious purposes. We…

Read Full Article

Recently, we’ve encountered cases where WordPress websites were impacted by  Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad views for their adsense accounts. This is not the first time we’ve seen attackers abusing popular Google services. In a previous case, we…

Read Full Article

Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card data had become compromised shortly after purchasing products on our client’s website. When investigating the site, two suspicious symptoms appeared: A strange credit…

Read Full Article

Updating your website means getting files to your server, but the process can feel like a chore when simply navigating in a conventional hosting panel. FTP and SFTP are essential tools for managing files on your server. Whether you’ re uploading website content or downloading backups, these protocols offer…

Read Full Article

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and…

Read Full Article

At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed…

Read Full Article

Magento remains a popular ecommerce platform in 2025 and its security patches play a vital role in addressing vulnerabilities that could otherwise be exploited by attackers. These patches help prevent issues like data breaches, website defacement, or unauthorized access, ensuring the safety of customer data and store operations….

Read Full Article

Today’ s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of this malware campaign emerge. WordPress websites continue to be used as staging grounds to trick website visitors into running malicious powershell commands on…

Read Full Article

The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files and unexpected behavior on their WordPress site. Upon deeper analysis, we discovered a complicated infection involving multiple components: a credit card skimmer, a…

Read Full Article

During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted third-party domains, ultimately harming the site’ s reputation and potentially exposing users to further malicious activity. What was discovered? A customer reached out to…

Read Full Article

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and…

Read Full Article