The Patchstack team challenges the notion that your web host provides sufficient site security. They setup sites with known vulnerabilities on a number of hosting platforms to see how well their security profile is. It is an interesting and useful test, and they name plugins that had vulnerabilities, but the report would have been twice as useful if they listed the names of the hosting companies. They establish a general presumption that a hosting company’s security is not sufficient, but no one knows if their hosting company was one of the ones tested, and hence “maybe” their host is better or not.

Recent data on Fail2ban and Imunify360 call into question their effectiveness in fighting modern bot attacks. These 2 tools have been widely popular for a long time, and quite effective in the past. Unfortunately, the changing nature of bot attacks and increases in number of IPs they have available (some of the bot networks now have millions of IPs). These tools just aren’t designed to handle these changing conditions.

Katie Keith did some research to ask about plugins whose sales were in decline or flat. There are some interesting findings such that 80% of plugin sales were the same or lower as last year and different types of plugins are more vulnerable than others.

I enjoy reading these Year in Review articles. This one from Katie Keith at Barn2 is very interesting. While overall performance was very good, there was a 17.8% drop in new sales. She reports that other WordPress plugin shops saw something similar and she talks about possible causes. The roundup is an interesting look into what it takes to lead a WordPress plugin company.

Cloudflare’s year in review is an interesting browse to see what technologies are being used. It shows WordPress as 47% of sites using a Content Management System.

Katie Keith runs Barn2, a plugin shop that sells a number of Woo extensions. She did a survey asking people why they choose WooCommerce. It is interesting to see, or be reminded, that WooCommerce is very flexible. Today with SureCart and FluentCart that flexibility and range of extensions is one of Woo’s advantages, if you need it.

Katie Keith answers the question if lifetime licenses really cost more to support by digging into real data from Barn2’s sales and support history.

The ACF Annual Survey for 2025 was released. I didn’t see much that surprised me except for the number of people building blocks with ACF.

A selling point of many hosting providers is that they provide security for WordPress sites. Some hosting providers even suggest that WordPress security plugins are not needed if you are using their hosting. Well, Patchstack tested this out and the results weren’t good. Don’t get rid of your security plugins yet.