WordPress.org now supports various options for Two Factor Authentication for account access. This seems long overdue and it is good to see it being implemented.

Malware Scanning A Layered Approach
Ram Gall @ wordfence.com
• 2 weeks agoRecently there have been headlines that malware scanners are worthless. WordFence published an article describing how they see malware scanners as part of a layered approach to security and they also discussed their new command line scanning option.

Protecting. Your VPS
Josh Escobedo @ liquidweb.com
• 4 weeks agoJust like your WordPress site, if you are using a VPS then it is necessary to lock it down and keep it updated.

WordFence Vulnerability Webhook Notifications
Chloe Chamberland @ wordfence.com
• 1 month agoWordFence has launched a new free service where you can setup web hooks for vulnerability notifications.

The State of WordPress Security Part One
Aalvin Alkan @ wpbuilds.com
• 2 months agoHere is the first in a mini-series from WP Builds on the state of WordPress security. The first interview is with Calvin Alkan. Much of the episode covers ground that we’ve already posted about in the group, but there is some new info.

Deep Dive on Understanding and Using WordPress Nonces
Milana Cap @ developer.wordpress.org
• 2 months agoFor developers: this is an in-depth overview about WordPress nonces and a tutorial on how to use them.

WordFence Mid-Year Report
Chloe Chamberland @ wordfence.com
• 2 months agoThis is a mid-year report from the WordFence team about security threats they have tracked so far. The article is kind of interesting also because they used AI prompts against their own vulnerability database to help generate the answers.