We recently ran a survey to get a better understanding of the state of WordPress security. The survey was open to everyone and included several WordPress security-related questions. This report details our findings. Why this survey? WordPress security is an Continue reading WordPress security survey results 2022
CISA, which stands for Cybersecurity & Infrastructure Security Agency, is a US federal agency operating under the Department of Homeland Security. Established in 2018, it supersedes the NPPD – National Protection and Programs Directorate and is tasked with improving cybersecurity Continue reading CISA’s list of bad practices that harm WordPress security
Everyone loves cookies. Or do they? Just like oatmeal raisin, people either love or hate third-party web cookies. Now, major players like Google are trying to phase them out altogether. This emerging shift away from third-party cookies has become known Continue reading A Cookieless Future: Preparing for the End of Third-Party Cookies
AUSTIN — August 9, 2022 — WP Engine, the world’s most trusted WordPress technology company, today announced that it has received ISO/IEC 27001:2013 certification for its Information Security Management System (ISMS). This certification demonstrates WP Engine’s continued commitment to information Continue reading WP Engine Achieves Prestigious ISO/IEC 27001:2013 Certification for Enterprise Security for WordPress Sites
As identity theft cases continue to rise, cyber security has never been more important. One of the main ways to protect your information is to create a strong password, but would a passphrase do a better job? While they might Continue reading Passphrase vs Passwords: Which is Better for Security?
On the podcast today we have Akshat Choudhary. Akshat is the Founder and CEO of BlogVault, MalCare, WP Remote and Airlift. These WordPress plugins allow their customers to build, manage and maintain their WordPress websites. He’s based in Bangalore, India Continue reading #35 – Akshat Choudhary on the State of WordPress Security
Today we are launching our very first WordPress security survey. The aim of this survey is to understand how WordPress administrators and owners view and manage basic security tasks on their WordPress websites. While we have carried out surveys in Continue reading Participate in our WordPress security survey and win
You’ve seen it pop up while browsing or building a website. You know it enables some sort of security. It’s those “HTTPS” letters at the beginning of a webpage URL. But what does HTTPS do, exactly? ShareTweetSharePostSharePin It!
While Gmail may be the world’s most popular email provider, does ProtonMail’s security make it the better option? The answer isn’t always so clear. While many users have already switched to ProtonMail for its excellent security and privacy features, many Continue reading ProtonMail vs Gmail: The Ultimate Comparison Guide
Late last week, Ninja Forms users received a forced security update from WordPress.org for a critical PHP Object Injection vulnerability. This particular vulnerability can be exploited remotely without any authentication. It was publicly disclosed last week and patched in the Continue reading WordPress.org Forces Security Update for Critical Ninja Forms Vulnerability
Over the past few days, the internet went into a frenzy after a Google engineer claimed that LaMDA – a Google AI Neural Network is sentient. His proof was a series of chats the engineer had with LaMDA, which convinced Continue reading LaMDA and CAPTCHA – Should we be worried?
What happened to Horde webmail within my GreenGeeks cPanel account? GreenGeeks has temporarily disabled access to the Horde Webmail client across our network. Unfortunately, this action was necessary as the GreenGeeks Server team became aware of a potential exploit within Continue reading Horde Email Vulnerability: What You Need To Know
A tutorial to higher rankings for WordPress sites This is the original WordPress SEO article since 2008, fully updated for 2022! WordPress is one of the best content management systems for SEO. But even though it gets a lot right Continue reading WordPress SEO: the definitive guide
At least once a day, someone has to explain that the only esc_ function you can use to sanitize is esc_url_raw(). This stems from what was (at the time) a logical change. The function sanitize_url() was an alias for esc_url_raw() Continue reading Rejoice to sanitize_url()
If you run a WordPress site, you might be aware of the many security risks that could threaten your business. For example, Remote Code Execution (RCE) attacks can exploit your website vulnerabilities to steal data, destroy your content, or take Continue reading How to Protect Your Site Against Remote Code Execution Attacks (5 Ways)
If you’re a developer, an agency owner, or anyone else who’s responsible for building and maintaining websites, one of the worst calls you can get is from your boss or from a client, informing you that a site is down. Continue reading Be the Hero: WP Engine’s New Site Monitoring Tool Keeps You in the Know
If your plugin is a FEATURED or BETA plugin, which means officially recognized as such by the WordPress project, you will no longer be able to add or remove committers, nor will you be able to change ownership. This change Continue reading Featured/Beta Plugins Now Limit Changes
Towards the end of March, a critical vulnerability was detected in the Elementor Plugin, versions 3.6.0 through 3.6.2. The issue began when Elementor introduced new functions for plugin setup. However, it opened the door to a serious security threat. Those Continue reading Elementor Plugin Vulnerability Issue Detected, But Updated
In response to the elevated threat of cyber attacks, the White House has urged business owners to increase their cyber diligence and “lock their digital doors.” While the government has stepped up efforts to strengthen national cyber defenses, most of Continue reading Heightened Cyber Diligence: Harden Your WordPress Security
On the podcast today we have Oliver Sild. Oliver has been working in the WordPress space for many years, and specifically with WordPress security, as one of the founders of Patchstack, formerly called WebARX. Patchstack is a product which is Continue reading #20 – Oliver Sild on the State of WordPress Security