Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Brute-force attacks are the most widely used cyber-attacks in the cyber-sphere. And dependent on the target, the protection method is unique to the attack. There are two main types of brute-force attacks:

• Service level brute-force, targeting ssh, ftp, smtp services and others.
• Web application level brute-force, e.g. attacks against WordPress, Magento, and similar CMSes and web-scripts.

In February 2021, Imunify introduced a new version of Imunify360, version 5.5. Keep on reading to learn more about new releases and packages updates. Also, we recommend checking our new articles covering website and server security.

For website owners unfamiliar with common malware, having malware on your site that doesn’t  cause any obvious issues is seemingly harmless to the site owner. How bad can malware be if it just injects links? If site owners do not understand the repercussions of malware, then they will not take it seriously. It often means that these site owners don’t have the necessary monitoring and malware protection in place to defend sites. For shared hosting providers, this issue can have severe consequences and long-term effects on the server’s reputation and potential profitability. Additionally, read our website hosting security article and learn how to keep your website secure in 2021.

In 2020, approximately one million websites hosted on WordPress were actively targeted by cyber-criminals. Large-scale campaigns are common and your server could easily be compromised without you noticing it. Even when malware is silent and undetectable, it can cause long-term side effects that damage your business reputation, customer retention, revenue, and lead generation from search engines. It’s imperative to business continuity that you detect attacks, mitigate ongoing attacks, and remediate them quickly after they are found.

What if we told you that ~15% of infection sources are database infections? If you have ever tried to clean up malicious injections (usually, thousands of them) from the database table, you know how much time and pain it would take. There's a lack of professional solutions to detect and clean up malware in the database automatically. We want to save your time and provide you with another top-notch solution to detect threats in the databases (in addition to our trailblazing Imunify file scanner). We call the solution “Malware Database Scanner” (MDS).

Despite the fact that the festive season already starts in December, this month was busy for the Imunify Security team. Keep on reading to find out more about the latest package updates and some tips on how to stay secure. Stay safe and hopefully 2021 will bring you a lot of joy and pleasant moments!

 

A hacker might not cause any noticeable damage when infiltrating your web server. You may not notice any change in performance or any loss of data.

Here we announced the issue related to WebShield in Imunify360. As a quick-fix measure, we disabled WebShield remotely for the customers. 

Recently, we’ve noticed an issue related to WebShield in Imunify360. You can recognize it as an infinite loading of the page for a website using Cloudflare. A few customers with more than 75K greylisted IPs might be affected.