This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of September 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Recap of Vulnerabilities in September 2016 When… Read More
This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of August 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Subscribe to the WP Security Bloggers daily… Read More
The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and as usual, WordPress security is the… Read More
We have seen a number of successful WordPress hack attacks where a WordPress user was created with an email address email@example.com. Such hacks are not done by us. Read this article for more information about these type of attacks.
This blog post shows how Rafay Baloch, a leading security professional was able to bypass the Sucuri website firewall and exploit a cross-site scripting vulnerability on a website protected by the same web application firewall.
A cross-site scripting vulnerability has been discovered in a number of WordPress plugins and today all of them have released updates to address this issue. Read this article for more details.
Media can have a big impact on WordPress security. As we have learnt from last week’s WordPress SEO plugin vulnerability, if media is used effectively more users will keep their plugins up to date, which also means more secure.
WP Security Bloggers is a WordPress security news central. The website pulls WordPress security news and updates from a number of prominent WordPress security blogs, websites and various other security sources.
WordPress vulnerabilities statistics show that the main source of WordPress vulnerabilities are in WordPress plugins. These vulnerabilities statistics also show how important it is to always run the latest version of WordPress core, plugins and themes.
A few weeks back Google announced that HTTPS will be used for SEO ranking, thus encouraging every website owner to run his or her website on HTTPS. Is it really necessary that every website runs on HTTPS for a more secure and safer internet?