From time to time we do forensic investigations of WordPress breakins. When we do the investigation there is often one or more backdoors placed in the filesystem or modified legit WordPress-related files in wp-includes, themes or plugins. This is not only related to WordPress but all sites running PHP such as Drupal, Magento etc. Finding backdoors in the filesystem can be time consuming and doing checksum checking is not always possible. So I wanted to find out how good antivirus software are these days to find PHP and WordPress backdoors. On my personal Gist Github I have collected more than 10 different backdoors found on real breakins and forensic investigations. Test 1 – VirusTotal The Google owned VirusTotal.com service allows[…]

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites. About the plugin According to WordPress.org: Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website. Are You at Risk? This vulnerability is caused by the lack of[…]