WordPress Security Blog

March 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

Overview of WordPress Vulnerabilities Published in March 2017: March was a very busy month in terms of published advisories. A security update of WordPress was released, WordPress 4.7.3, and more than 40 WordPress plugin vulnerability advisories were published. The majority of them are from the Summer of Pwnage project, which were identified last year but released […]

Top Five WordPress Users Management Guidelines

User management is a difficult task and it is a webmasters’ and systems administrators’ nightmare. If not done properly, it can lead to a number of security issues. For example, there have been cases where employees still had access to confidential business data months, and sometimes even years, after leaving their job. These types of user management […]

February 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

In this second monthly roundup of WordPress core, plugins and themes reported vulnerabilities for 2017 we had just a few vulnerabilities. Are things getting better? I’d like to hope so but it seems it is not the case. Just read the developer’s response to the security issue that was reported in his premium WordPress theme […]

Why Would a Malicious Hacker Target Your WordPress?

We’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive […]

January 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

In this first monthly roundup of WordPress core, plugins and themes reported vulnerabilities for 2017 we had a good number of WordPress plugins and vulnerabilities reported. This vulnerabilities and security issues roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. […]

Best Practices for Secure Web Forms on Your WordPress Website

Contact and other types of web forms on websites are typically used to capture leads and build a mailing list for your business’ email marketing strategy. Web forms are also the most commonly exploited attack surface on websites, since they allow users to input data that is then stored into a database or some other […]

December 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup

In this December 2016 monthly roundup of WordPress core, plugins and themes reported vulnerabilities we only have a few WordPress plugin vulnerabilities reported. This vulnerabilities and security issues roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Subscribe to the WP […]

Restoring WordPress from a Backup

WordPress is a very simple web application. It is made up of a number of PHP files and a database, typically a MySQL database. The files are the actual web application and the database is where all the information such as users, blog posts, pages and other data is stored. The WordPress setup is so […]

November 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup

This is a monthly roundup of all the vulnerabilities in WordPress plugins and themes reported during the month of November 2016. During November no WordPress core vulnerabilities were reported. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Overview of […]

Dealing with Failed Logins on Your WordPress

This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.