Security Archives | Page 2 of 2 | Animated Creativity

Wordfence forensics: mining wp_wfhits and wp_wfissues to reconstruct a breach timeline

September 18, 2024 by admin

Top-down view of two detectives examining black-and-white photos and fingerprint cards on a desk — visual metaphor for piecing together a breach timeline from log evidence (photo: RDNE / Pexels)

If you’re cleaning up a WordPress compromise and the site has Wordfence installed, you have more forensic data than you think. Even on the free plan, Wordfence quietly logs every blocked request, every plugin-vulnerability advisory, every flagged file, and every …

Detecting and cleaning the DOLLY WordPress mu-plugin backdoor

August 14, 2024 by admin

Hooded figure with neon mask holding tablet displaying 'Uploading Virus' progress bar — visualizing the DOLLY WordPress mu-plugin backdoor exfiltrating credentials

Last week I cleaned a six-site WordPress compromise on one of my OpenLiteSpeed boxes. The most interesting payload was the “DOLLY” mu-plugin family — a credential-harvesting backdoor that hides itself with a few clever tricks and survives most casual cleanups …

Rotating WordPress salts as incident response: the step everyone skips

July 23, 2024 by admin

Close-up of a metal combination lock with rotating numeric dials — visual metaphor for rotating WordPress salts to a new secret combination (photo: Felix Moeller / Pexels)

You’ve cleaned the malware files, deleted the backdoor admin accounts, rotated everyone’s password. The site is fine, you’re fine. Three weeks later someone logs in with a session cookie they grabbed during the compromise window and creates a fresh admin …