Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Despite the fact that the fact that trees are blooming and everyone is enjoying spring sun, this month was busy for the Imunify Security team. Another version of Imunify360 was released, version 5.6. and Imunify version 5.7 came out in beta. Keep on reading to find out more about the latest package updates and some tips on how to stay secure.

March monthly digest gives an overview of version and package updates and the latest security vulnerabilities detected by the Imunify Security team. Read the posts below to learn all and beyond brute force attacks and how Imunify360 could mitigate them.

Brute-force attacks are the most widely used cyber-attacks in the cyber-sphere. And dependent on the target, the protection method is unique to the attack. There are two main types of brute-force attacks:

• Service level brute-force, targeting ssh, ftp, smtp services and others.
• Web application level brute-force, e.g. attacks against WordPress, Magento, and similar CMSes and web-scripts.

In February 2021, Imunify introduced a new version of Imunify360, version 5.5. Keep on reading to learn more about new releases and packages updates. Also, we recommend checking our new articles covering website and server security.

For website owners unfamiliar with common malware, having malware on your site that doesn’t  cause any obvious issues is seemingly harmless to the site owner. How bad can malware be if it just injects links? If site owners do not understand the repercussions of malware, then they will not take it seriously. It often means that these site owners don’t have the necessary monitoring and malware protection in place to defend sites. For shared hosting providers, this issue can have severe consequences and long-term effects on the server’s reputation and potential profitability. Additionally, read our website hosting security article and learn how to keep your website secure in 2021.

In 2020, approximately one million websites hosted on WordPress were actively targeted by cyber-criminals. Large-scale campaigns are common and your server could easily be compromised without you noticing it. Even when malware is silent and undetectable, it can cause long-term side effects that damage your business reputation, customer retention, revenue, and lead generation from search engines. It’s imperative to business continuity that you detect attacks, mitigate ongoing attacks, and remediate them quickly after they are found.

Despite the fact that the festive season already starts in December, this month was busy for the Imunify Security team. Keep on reading to find out more about the latest package updates and some tips on how to stay secure. Stay safe and hopefully 2021 will bring you a lot of joy and pleasant moments!

 

 

Recently, we got a few support requests related to the usage of Imunify360 with Cloudflare. We’d like to explain the root cause and provide you with a workaround.

The issue was looking like an inability to pass the Captcha causing an endless loop. Further investigation revealed an issue caused by custom cache settings in the Cloudflare control panel.