What are WordPress plugins?

If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose. It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build … Continue reading What are WordPress plugins?

Statistics highlight the biggest source of WordPress vulnerabilities

WordPress vulnerabilities statistics show that the main source of WordPress vulnerabilities are in WordPress plugins. These vulnerabilities statistics also show how important it is to always run the latest version of WordPress core, plugins and themes…. Continue reading Statistics highlight the biggest source of WordPress vulnerabilities

Should maintained plugins be suspended from the WordPress repository when there is a security issue?

On 27th February 2020, at 9:34PM (CET) we received an email notifying us that our plugin WP Security Audit Log was “temporarily withdrawn from the WordPress.org Plugin directory due to an exploit”. We submitted a fix on Friday, 28th Februar… Continue reading Should maintained plugins be suspended from the WordPress repository when there is a security issue?

Update now! Popular WordPress plugins have password bypass flaws

Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible. Continue reading Update now! Popular WordPress plugins have password bypass flaws

How to Manually Deactivate WordPress Plugins

Plugins are a great aspect of using WordPress. However, at some point, you’ll need to uninstall or deactivate a plugin for one reason or another. This might present a problem, in that, the default method for deactivating WordPress plugins might n… Continue reading How to Manually Deactivate WordPress Plugins

Prevention is the way to go when it comes to WordPress security

A common misconception is that malicious hackers only target websites with large income, or those that store valuable sensitive information. However, WordPress websites generally get a lot of unwanted attention, which is why it’s important to tak… Continue reading Prevention is the way to go when it comes to WordPress security

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This was discovered when reviewing sources of the var… Continue reading Malware Campaigns Sharing Network Resources: r00ts.ninja

0day Vulnerability in Easy WP SMTP Affects Thousands of Sites

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to… Continue reading 0day Vulnerability in Easy WP SMTP Affects Thousands of Sites