WooCommerce: Spam Orders and Accounts from Bots

Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe for vulnerabilities in other plugins on the site. In response to...

Post Grid WordPress Plugin Flaw Found “Patch it sharpish if you use it…”

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid's sister plug-in, Team Showcase, which has 6,000 installations. The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending...

Analytics and Web App Confusion as Privacy Shield Lies in Tatters

Before the world changed due to COVID-19, the GDPR (General Data Protection Regulations) came into force back in 2018. This impacted businesses across all industries and implemented strict regulation on the storage and transfer of personal data, with heavy fines as punishment for non-compliance. Many cloud services, from those offered by Microsoft and Google to much smaller, niche services, are...

Is your website’s front door wide open to WordPress hackers?

It is frustrating to find out that your WordPress site has been hacked. Recently one of our customers asked us why hackers target WordPress. The answer is usually, in part at least, due to the very reason that WordPress is such a popular content management system for websites, its active developer community and the volume of free plugins and free themes available to customise your site without...

Cybercrime: Europe’s Most & Least Secure Countries

Specops Software has released data showing the countries in Europe most and least susceptible to cyber crimes. The company analysed the total number of cloud provider related incoming attacks as well as cryptocurrency mining, malware and ransomware encounters on machines in each country. The Netherlands has the highest rate of machines that experienced one of the above attacks at 17.64 percent...

4 tips for managing WordPress plugins in 2020

Updating your WordPress plugins is most easily achieved from the Plugins tab in the WordPress dashboard. From there you can see which plugins have updates available, after which it’s a matter of hitting Update now to install the new versions. Minimise the number of plugins you have. Always remove plugins if you aren’t using them anymore. Keep your attack surface area as small as you can....

O’Brien Media are Cyber Essentials Certified via IASME and CyberSmart

The growing threat of cyber-related crime is quickly becoming a major concern for most organisations and business leaders. With regular reports of high-profile businesses falling victim to cybercrime across the globe, it’s the responsibility of every organisation to ensure they adequately protect themselves and their customers. What is Cyber Essentials? Cyber Essentials is a cybersecurity...

Hackers infecting WordPress sites via defunct “Rich Reviews” plug-in

If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running WordPress and redirect visitors to other sites. Rich Reviews was a WordPress plugin that let sites manage reviews internally in WordPress, and also displayed Google reviews for a business...

Update Easy WP SMTP – Vulnerability affecting thousands of sites across the internet discovered

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in the wild and impacts thousands of sites. The...

How not to back up your data & important information

Your customer files, your accounts, your website, your contacts, your designs, your images. Anything you can’t do without needs a safety net. Backing up isn’t just common sense – it could be a condition of your business insurance too. And not doing it the right way could mean your business insurance policy not paying out at the time you need it most. The good news is it’s easy. Back up,...