For the latest information, please see our documentation on Docker
Last week we received an email from a fellow penetration tester, requesting official Kali Linux Docker images that he could use for his work. We bootstrapped a minimal Kali Linux 1.1.0a…
Beware of Door To Door Security System Scams
The nicer weather starts the beginning of “Summer Programs” that many home security companies employ to generate door to door home security systems sales. The Summer Program consists of security companies hiring temporary workers that go door to door a…
Pixiewps, Reaver & Aircrack-ng Wireless Penetration Testing Tool Updates
A short while ago, we packaged and pushed out a few important wireless penetration testing tool updates for aircrack-ng, pixiewps and reaver into Kali’s repository. These new additions and updates are fairly significant, and may even change your …
OpenVAS 8.0 Vulnerability Scanning
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manu…
Kali Linux 1.1.0 Release
After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux – version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid…
A Few Thoughts on Privacy in the Age of Social Media
Everyone already knows there are privacy issues related to social media and new technologies. Non-tech-oriented friends and family members often ask me questions about whether they should avoid Facebook messenger or flashlight apps. Or whether it’s OK …
Kali & NetHunter Security Release Fixes
Squash the Bugs with Kali 1.0.9a
Over the past couple of weeks, we’ve seen a bunch of nasty bugs hit the scene, from shellshock to Debian apt vulnerabilities. As we prefer not to ship vulnerable ISOs, we’ve rolled up new images for our Kali…
Kali Tools Website Launched, 1.0.9 Release
Now that we have caught our breath after the Black Hat and DEF CON conferences, we have put aside some time to fix an annoying bug in our 1.0.8 ISO releases related to outdated firmware as well as regenerate fresh new ARM and VMware images (courtesy of…
BMWs and Bicycles: The Value of Complexity
If your ideas about Oracle Identity & Access solutions start and end with the word complexity, you’re missing the big picture. Contrary to what competitors might be telling you, Oracle’s current IAM solution looks nothing like a conglomeration of d…
WordPress Security: Securing Sites From Hackers / Future Attacks
WordPress is the most popular CMS available on the web, but it is also vulnerable to threats if we don’t follow the necessary security measures.
In a previous guest post, Sarah Rexman mentioned some tips about securing WordPress, and in this post I’m gonna share my own experience. While working as a freelancer on Upwork, PeoplePerHour and Freelancer, clients always have issues securing their sites from hackers and ask how to prevent future attacks. So consider these points to secure your WordPress site now and in the future:
- Keep your WordPress up to date. The latest stable version is 6.7.2, released on 11th February, 2025.
- Keep all your plugins and themes up to date.
- Always keep a backup of your database and files, and update it at some interval.
- If the site has been compromised, then you must change the salt keys in the wp-config.php file under the root directory. You can generate new keys from here. This will force all users to log in again.
- Change all passwords associated with the site at regular intervals.
- Use strong passwords for all logins. Include a mixture of at least one uppercase letter, lowercase letter, special character and number.
- Change your WP-Admin username from admin to some other name.
- Change the database prefix from wp_ to some other, more complicated string to avoid zero-day SQL injection attacks.
- Remove the timthumb script if your site is running it, as it is no longer supported or maintained.
- Use plugins only after testing them properly. Going through plugin reviews and a Google search will let you know about the reputation of a plugin.
- Keep track of the latest visitors through log files for tracking site users. If you find any suspicious activity at any particular time, then the log files might help you learn a bit about the attacker.
- Change permissions for .htaccess, wp-config.php and the themes' main files to 444.
- Set proper file permissions for other files and folders. Best practice is to use 644 for files and 755 for folders.
- Keep your own system virus free.
- Always try accessing the site credentials from your own system only.
- Validate all user inputs, such as URLs and image uploads.
- Keep track of the user sections of WP-Admin and FTP accounts for any unauthorized users.
- You can also use the Wordfence plugin to monitor for malicious scripts.
- Put some security on the server on which your site is hosted, whether it is hosted on a dedicated or a shared server.
- Keep up to date with the latest vulnerabilities.
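
An added example, not part of the original post: a Python audit of the permission, table-prefix and salt-key items in the list above. It treats 444/644/755 as upper bounds and holds only wp-config.php and .htaccess to 444 (both assumptions of this example); the placeholder string is the one shipped in WordPress's wp-config-sample.php, and the sample tree and config text are constructed.

```python
import re
import stat
import tempfile
from pathlib import Path

# Modes from the list above, treated as upper bounds (assumption of this example).
LOCKED = {"wp-config.php": 0o444, ".htaccess": 0o444}
FILE_MAX, DIR_MAX = 0o644, 0o755

def audit_permissions(root):
    """Return sorted (relative path, mode) pairs granting more than recommended."""
    findings = []
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            continue  # link modes say nothing about the target
        limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else LOCKED.get(path.name, FILE_MAX)
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~limit:  # a bit is set beyond the recommended mode
            findings.append((path.relative_to(root).as_posix(), oct(mode)))
    return sorted(findings)

def audit_wp_config(text):
    """Flag the default table prefix and unreplaced salt placeholders."""
    issues = []
    if re.search(r"""\$table_prefix\s*=\s*['"]wp_['"]""", text):
        issues.append("default table prefix")
    if "put your unique phrase here" in text:
        issues.append("placeholder salt keys")
    return issues

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = ("<?php\n$table_prefix = 'wp_';\n"
                 "define( 'AUTH_KEY', 'put your unique phrase here' );\n")
SAMPLE_TREE = {"wp-content/": 0o755, "wp-content/uploads/": 0o777,
               "wp-content/uploads/a.jpg": 0o666, "index.php": 0o644,
               ".htaccess": 0o444, "wp-config.php": 0o644}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, mode in SAMPLE_TREE.items():
            path = Path(tmp, rel)
            if rel.endswith("/"):
                path.mkdir()
            else:
                path.touch()
            path.chmod(mode)
        return audit_permissions(tmp), audit_wp_config(SAMPLE_CONFIG)

print(demo())
```

To audit a real installation, call `audit_permissions()` on the site root and pass the contents of its wp-config.php to `audit_wp_config()`.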