Fake “Java Update” pop-up hidden inside a malicious WordPress plugin
A new social-engineering tactic is targeting WordPress sites with a convincing “Java Update” pop-up. It…
Risk Alerts
Malware intercepts Googlebot with IP-verified conditional logic
Some attackers now hide spam content from people — and show it only to search…
Google sees spam, you see your site: cloaked SEO spam explained
Some attacks don’t vandalise your pages. Instead, they quietly turn your website into a mouthpiece…
Fake browser update pop-ups targeting WordPress administrators
A new social-engineering campaign is abusing a malicious WordPress plugin to show convincing fake browser…
Stop “content sniffing” with HTTP security headers
Browsers try to be helpful. If your server doesn’t clearly label a file, they may…
Auto-login backdoor disguised as a JavaScript data file in WordPress
A stealthy backdoor is targeting WordPress sites by posing as a harmless JavaScript asset. In…
Phishing threats: how to protect your WordPress site and your business
Phishing has evolved from clumsy “verify your account” emails into polished scams that mimic real…
ERR_TOO_MANY_REDIRECTS: how to fix redirect loops on your website
Seeing ERR_TOO_MANY_REDIRECTS (or “the page isn’t redirecting properly”) means your site is stuck bouncing between…
Denial-of-Service (DoS) attacks: what they are and how to keep your website available
If your website slows to a crawl, pages time out, or customers can’t log in,…
Malvertising hiding in plain sight on WordPress websites
We’re seeing a malvertising campaign that quietly injects third-party scripts into WordPress sites. It looks…