Some of the hosting providers have unnecessary ports open by default which are vulnerable to attacks and can give an invitation to attackers. Also, most of the hosting providers have outdated versions of the software. You need to consider these things before choosing the secure web host.

Common username and passwords give an open invitation for brute force attack.

Using pirated or an outdated plugin or theme can make your site vulnerable.

Each new version of WordPress fixes bugs and security vulnerabilities. If you’re not updating WordPress, then you are intentionally leaving your site vulnerable.

It is recommended that you use a prefix that is a little more complicated. This will make it harder for hackers to guess your database table names.

This will help you keep your login page unknown to the attackers and will help you protect your site from brute force attacks.

Affected Products:- Windows RT 8.1,Windows Server, version 1903 (Server Core installation),Windows Server 2016,Windows Server, version 1803 (Server Core Installation),Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Server 2019

• An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges.
• An attacker who successfully exploited this vulnerability could run processes in an elevated context.
• An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system.
• An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
• The security update addresses the vulnerability by enabling Windows Setup to properly handle user privileges.

Affected Products:- Windows 10,Windows Server 2016,Windows Server, version 1803 (Server Core Installation),Windows Server, version 1903 (Server Core installation),Windows Server 2019

• A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory.
• An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
• An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
• The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Affected Products:- Windows RT 8.1,Windows Server, version 1903 (Server Core installation),Windows Server 2016,Windows Server, version 1803 (Server Core Installation),Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Server 2019

This vulnerability allows containers using subPath volume mounts to access files or directories outside of the volume, including the host’s file system. If exploited, it could give an attacker access to a pod and full control over the node host by gaining access to the Docker socket.

This vulnerability allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. After a remote user exploits this vulnerability and gains admin privileges, he can take ownership of a cluster. He could perform malicious actions such as injecting malicious code into containers to exfiltrate data, mine for cryptocurrencies, or access secrets.

This vulnerability allows an attacker to potentially compromise the container host. The vulnerability allows a malicious container to overwrite the host runc binary and gain root-level code execution capability on the host.

1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
2. allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data
3. ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class

To avoid these vulnerabilities you must update PHP to the latest 7.4 Version

• WordPress <= 5.3 - Improper Access Controls in REST API
• WordPress <= 5.3 - Stored XSS via Block Editor Content
• WordPress <= 5.3 - Stored XSS via Crafted Links
• WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

• WordPress <= 5.2.3 - Admin Referer Validation
• WordPress <= 5.2.3 - JSON Request Cache Poisoning
• WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the confidentiality and integrity of data between the user's computer and the site. We motivate you to follow HTTPS to secure the connections of your users to your website, regardless of the content on the site. If you or your users want anything private then we highly recommended using HTTPS

During the last decade, the way companies use the Internet has changed dramatically. Many advanced web applications are developed for storing huge amounts of data. But unfortunately, that data can be exposed.

There are various ways to prevent such cyber-attacks, one of the best way is a web application firewall (WAF). Web Application Firewall protects your website from several website attacks such as SQL Injection(SQLI), Cross-Site Scripting(XSS), Remote File Inclusion and many more cyber attacks. It also protects your website from critical attacks such as Dos and DDoS attacks.

SQL Injection:- SQL injection is a web security vulnerability that allows an attacker to interfere with the database queries.

XSS (Cross-site scripting):- Cross-Site Scripting attack is a malicious code injection. The malicious script can be saved on the webserver and executed every time when the user calls the appropriate functionality.