While WordPress has very real security problems, often news coverage related to hacked WordPress websites involves a focus on WordPress, while ignoring the more pertinent problem, security companies are scamming their customers. Yesterday, a story ran in one security “news outlet” titled “WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables.” Again, that was yesterday. For those familiar with hacked WordPress websites or hacked website using other software, this is a bizarre headline. Malware stored in a database isn’t a new phenomenon, nor was what they are describing something that should evade detection. Several other “news outlets” included in Google News ran similar stories. The sole source for all those stories was a blog post by Sucuri.
It was fairly standard for Sucuri, they once again admitting that one of their customers got hacked. That is despite claiming that their service protects websites from being hacked: [Read more]