While looking into some information for a post we were preparing recently, we ran across a promoted testimonial for a security provider named MalCare, coming from the person behind WPCrafter, which is marketed as WordPress tutorials for non-techies. The testimonial Continue reading Sucuri Security and Solid Security Plugins Won’t Stop Websites From Being Hacked
iThemes Security Pro 7.3.5 was released today to maintain compatibility with the next major release of WordPress on August 8. There is a compatibility update for iThemes Security Pro users available today. This new compatibility release (iThemes Security Pro 7.3.5) must Continue reading WordPress 6.3 Compatibility Update for iThemes Security Pro 7.3.5
Earlier today, we looked at a mess created by the developer of a popular library in WordPress plugins, Freemius, and WordPress security provider, Patchstack. Another company playing a supporting role in what was discussed is StellarWP (which is part of Continue reading StellarWP Hasn’t Fixed Vulnerable Plugin Their Own Security Plugin Has Warned About Since Last Week
New research from Snicco, WeWatchYourWebsite, Automattic-backed GridPane, and PatchStack reveals WordPress malware scanners that operate as plugins in a compromised environment are fundamentally flawed. Malware scanners are cleanup tools at best for already-compromised sites. They’re not a solid line of Continue reading Why WordPress Malware Scanners Are Worthless
A zero-day is a vulnerability being exploited before the developer is aware of it. One of the implications of that is that keeping software up to date won’t protect against it. So for WordPress websites, a WordPress security plugin can Continue reading iThemes Security (Solid Security) and iThemes Security Pro Won’t Protect Against Zero-Days Contrary to Their Marketing
Yesterday, Google announced “The Beginning of the End of the Password.” By this time next year, you may not be using passwords anymore. The Great Password Extinction is Already Underway Imagine a world without passwords. ShareTweetSharePostSharePin It!
With the release of iThemes Security Pro 7.3.4, you will be able to specify whether browsers should require additional verification when a passkey is used to log into WordPress or defer to the browser’s own preferred behavior. We have released Continue reading Release Note: New User Verification Option in Security Pro 7.3.4
Session hijacking is a type of cyberattack that WordPress site owners need to know about. Also known as TCP session hijacking, session hijacking allows attackers to pretend to be a logged-in user on a website. The attacker takes over a Continue reading What is Session Hijacking?
Recently, iThemes (which is being rebranded as SolidWP) and their partner, Patchstack, have been incorrectly labeling that a 100,000+ install WordPress plugin, Download Manager, contained an unfixed vulnerability. The problem stems in part to confusion with a claim that vulnerability Continue reading iThemes (SolidWP) and Patchstack Requiring Their Customers and Plugin Developers to Fix Their Inaccurate Data
We’re releasing iThemes Security Pro 7.3.2 today. This maintenance update will initiate a phased rollout that encrypts 2FA secret codes in the WordPress database by default. Historically, iThemes Security didn’t encrypt the random secret codes for two-factor authentication in the Continue reading Release Note: 2FA Codes Encrypted for Existing Security Pro Users
Update to iThemes Security Free 8.1.5+ and Pro 7.3.1+ We have patched a vulnerability in our Security Pro plugin, as well as the free version available at WordPress.org. The security releases that patch this vulnerability are available now. You should apply Continue reading Security Release: Update iThemes Security Free and Pro
Open source software gets better and is more secure when trust and cooperation win out over secrecy and working alone in the dark. Patchstack’s report on the State of WordPress Security in 2022 shows this is not just an ideal Continue reading The State of WordPress Security: Community and Collaboration Help Us All Win
February 8, 2023 — Today, iThemes is pleased to announce we’re partnering with Patchstack to provide early warnings about potential vulnerabilities in WordPress sites protected by our security plugins, iThemes Security and Security Pro. What’s changing? Patchstack’s vulnerability database and Continue reading New Patchstack Integration for iThemes Security and Security Pro
WordPress core is solid — what you install in it may not be. How secure is WordPress? Against a backdrop of steadily increasing global cyberattacks and sophisticated cybercrime targetting more than half of all small to mid-sized businesses (SMBs) in Continue reading The 2022 WordPress Vulnerability Annual Report
We’re adding hCaptcha and Cloudflare’s Turnstile to iThemes Security Pro alongside the existing Google reCAPTCHA option. (Turnstile is available for Kadence in its CAPTCHA plugin now too.) Why are we doing this, and why should you use a CAPTCHA? Which Continue reading New Turnstile and hCaptcha Support in Security Pro 7.3
WordPress, like MacOS and even Windows now, has an infamous “White Screen of Death” or “WSOD” for short. The WSOD appears when something goes badly wrong. You’re facing a blank or mostly blank white screen for unknown reasons. Now what? Continue reading The WordPress White Screen of Death: A Guide to Recovery