This is a good discussion about WordPress security with Mario Peshev and Oliver Sild. It is a wide-ranging discussion.

Advanced Access Monitor is a security focused plugin that has a pretty robust free version. The free version has an audit feature that checks a number of areas to see that they are locked down and in line with best practices. This article outlines the audit feature.

It seems like the number of unpatched vulnerabilities is increasing. If that is correct it is not a good trend.

Patchstack has released their annual State of WordPress security report.

If you are going to be at WordCamp Asia, Patchstack is running a “Capture the Flag” hacker challenge. They already have over 100 people signed up.

For developers, this article looks at the OWASP told ten vulnerabilities list, so hopefully you can recognize and avoid them in your code.

Coming in WordPress 6.8 – The algorithm used for passwords is changing from phppass portable hashing to bcrypt.

There is too much bad stuff going around about WordPress, but more keeps leaking out. Here is a thread on X that shows the data collected by WooCommerce … the extent of which is way over the top

The entire Patchstack app is now available as an API for free for people on their Developer plan. This allows for the integration of Patchstack with your own workflow and automations.