Astro + WPGraphQL for more secure WordPress sites
WordPress powers over 43% of the web, and that makes it a prime target for hackers and bots. But […]
Security
Latest posts
in SecurityPatchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022 (wptavern.com)
Patchstack, a WordPress security maintenance and management tool, has published its “State of WordPress Security” whitepaper for 2022, tracking a few key metrics on publicly reported vu…
in SecurityAll In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched (www.wordfence.com)
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine[…]
in SecurityGoDaddy says a multi-year breach hijacked customer websites and accounts (arstechnica.com)
Three breaches over as many years all carried out by the same threat actor.
in SecurityMultiple Authenticated SQL Injection Fixed In WP Statistics Plugin Version (patchstack.com)
If you’re a WP Statistics user, please update the plugin to at least version13.2.11. Patchstack Pro and Business users are protected from the vulnerability. You can also sign up the[…]
in SecurityMassive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network (blog.sucuri.net)
Since late December, our team has been tracking a new spike in WordPress website infections related to the following malicious domain: track[.]violetlovelines[.]comPublicWWW results show over 5,600 websites impacted by this[…]
How to scan your WordPress instances for Security Issues using WPScan (blog.wpsec.com)
The WPScan security scanner was developed primarily for WordPress administrators and security teams to evaluate the current state of their respective WordPress installations’ level of protection against potential threats. It[…]
in SecurityFake plugin affecting WordPress sites (blog.wpscan.com)
Bad actors are abusing leaked and compromised credentials to install core-stab fake plugin on WordPress sites.More
in SecurityMultiple Vulnerabilities Affecting Multiple MainWP Extensions (patchstack.com)
Introduction At Patchstack we accept vulnerability reports from individual researchers but also do our own research – often by randomly selecting a plugin. This time it happens that, during a[…]
in SecurityLinux backdoor malware infects WordPress-based websites (news.drweb.com)
Doctor Web has discovered a malicious Linux program that hacks websites based on a WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform.[…]
in SecurityDecember WordPress Bug Hunting Challenge has a $4300 prize-pool (patchstack.com)
We are beyond excited to celebrate the winter holidays and launch of Patchstack Alliance Discord community with a special bug hunting event taking place throughout December 2022. In December, we[…]
in SecurityWordfence Launches Free Vulnerability Database For Commercial Use (www.wordfence.com)
Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat[…]
WordPress To Drop Security Updates for Versions 3.7 Through 4.0 by December, 2022 (wptavern.com)
WordPress’ Security Team announced it will be dropping support for versions 3.7 through 4.0 on December 1, 2022. To give some context for how old these versions are, in 2013,[…]
in SecurityWordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know (www.wordfence.com)
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well[…]