WordPress Security Blog

A look at WordPress auto updates statistics in 2022

WordPress auto-updates can be quite a divisive topic. When enabled, auto-updates can ensure that you get the latest updates as soon as they become available. This can help you mitigate certain risks, such as security holes, as fast as possible. Yet, untested updates can break your website – so what’s the deal? Should auto-updates be enabled or disabled? The answer is not so simple.

An analysis of the Cisco 2022 hack

On the 24th of May, 2022, Cisco was made aware by its security teams that there had been a breach. The attacker had managed to gain access, escalate their privileges, install remote access and hacking software, and take steps to maintain access to the systems. They managed to do all of this one step at a time. As we shall see, this should have been easily preventable.

WordPress security survey results 2022

We recently ran a survey to get a better understanding of the state of WordPress security. The survey was open to everyone and included several WordPress security-related questions. This report details our findings.

CISA’s list of bad practices that harm WordPress security

CISA, which stands for Cybersecurity & Infrastructure Security Agency, is a US federal agency operating under the Department of Homeland Security. Established in 2018, it supersedes the NPPD – National Protection and Programs Directorate and is tasked with improving cybersecurity against attacks originating from both private and state-backed hackers.

WordPress Password Protection – A Complete Guide

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Participate in our WordPress security survey and win

We are launching our very first WordPress security survey. The aim of this survey is to understand how WordPress administrators and owners view and manage basic security tasks on their WordPress websites. While we have carried out surveys in the past, this survey is perhaps more ambitious than what we have previously done.

C4WP 7.1.0: Support for Gravity Forms and WPForms

We are thrilled to announce the release of CAPTCHA 4WP version 7.1.0. This release features some highly-requested new features alongside a number of improvements to help administrators and website owners ensure the success of CAPTCHA deployments on WordPress websites when using CAPTCHA 4WP.

Achieve GDPR Compliance for WooCommerce in 5 Steps

If you own an eCommerce store, you’ve probably heard of GDPR. However, you may not be fully conversant with GDPR law and have a lot of questions in your mind. Our goal with this article is to address all your GDPR concerns for your WooCommerce website and help you ensure GDPR compliance for your business.

WCEU 2022 was a blast – here’s what we got up to

The WP White Security team went to WCEU 2022 and it was a blast! Read here for a recap of the event and see what we got up to.

The cost of a WordPress website security breach

A security breach can be expensive. Many studies and statistics put the average of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average cost for a security breach.

Our other plugins