WordPress Security Blog

Password Policy Manager 2.3.4: improved plugin interoperability & bug fixes

Today we are in the third week of 2021, and we are happy to announce the third plugin update of the year: Password Policy Manager 2.3.4. This update features better interoperability with third party plugins, a few minor improvements, and a number of bug fixes. Let’s dive right into the below highlight to see what […]

2020 Year in Review: the best of WP White Security

2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White Security. With remote […]

Website File Changes Monitor 1.7.1: improved UX & other minor improvements

Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported in update 1.7.0. Below is a highlight of what is […]

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means […]

Admin Notices Manager 1.1: choose which admin notices you see & which not

We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress dashboard, in the plugin pop-up, […]

Interview with Ryan Dewhurst, founder of WPScan

Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to […]

How to safely add custom code to WordPress websites

Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom code to your website. However, there are a few […]

WFCM 1.7.0: new file integrity checks & detailed email notifications

2020 has been a very difficult year for everyone. So there is nothing better than ending the year on a high; before we leave for the holidays and enjoy some downtime, we are excited to announce the last release of this year; Website File Changes Monitor 1.7.0. In this update we added a new feature […]

How to choose the best WordPress plugins for your website

WordPress plugins are awesome and if you want your site to have a specific function, or add additional functionality, the chances are there is a plugin out there for it. If you’d like to learn more about what WordPress plugins are, refer to our WordPress plugins introduction. On the WordPress’s repository there are over 57,000 […]

What are WordPress plugins?

If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose. It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build a website with WordPress. In this article, we explain what WordPress plugins […]

Our other plugins