Connect with us

WORDPRESS

Retailers using WooCommerce are the next target for Magecart card skimmer attacks

Published

on

retailers-using-woocommerce-are-the-next-target-for-magecart-card-skimmer-attacks-–-news-…
Three new Magecart attacks are taking advantage of potential vulnerabilities in the WooCommerce ecommerce platform, experts have warned.

Discovered by RiskIQ, the vulnerabilities target retailers using third-party themes and tools to integrate into  WooCommerce pages that are particularly prone to Magecart risk.

As a result, many consumers are potentially vulnerable to having credit card details stolen ahead of the holiday shopping season.

Magecart threat

Further research by Barn2, a software company that specializes in WooCommerce products and WordPress, found that WooCommerce represents 29% of the top one million websites using ecommerce technologies. This exceeds five million active installs of the free plugin as of early 2021.

WooCommerce is notably popular because it is a free to use and easily customisable WordPress plugin.

“WooCommerce users are often small and medium-sized businesses, sometimes considered the most vulnerable, as they lack resources for complex and highly-vetted third-party tools. As we’ve seen over the years, both small and large retailers can be the targets of Magecart skimming,” RiskIQ wrote in its blog post.

In a typical Magecart attack, threat actors use a vulnerability and weaknesses in an ecommerce platform to inject a malicious code that skims online payment forms to intercept the payment information of unsuspecting customers.

As these third-party tools integrate with thousands of websites, when one supplier is compromised, Magecart has effectively breached thousands of sites at once.

RiskIQ’s detection of skimmers and other malware shows the innumerable ways threat actors gain access, deploy, and hide their tools on victim websites and advice site operations to regularly inspect their crontab commands for strange contents, ensure that access permissions are correct, and audit file access to it.

Advertisement

WORDPRESS

Customize Your Entire Site With New Block Themes – WordPress.com News

Published

on

Customize Your Entire Site With New Block Themes – WordPress.com News

Customize Your Entire Site With New Block Themes

Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of sites cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with theme that features single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?

Source link

Advertisement
Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish