Be careful clicking on Google Ads as they are frequently used in malicious campaigns. In this case, it’s ManageWP, but other companies have been targeted. In these types of ads a brand’s reputation can be leveraged.

Years ago the shared wisdom was that GoDaddy was OK for domain registration, but don’t use their hosting. Now it seems that the organization has gotten too large and disorganized. This is not the first time I’ve heard of this type of issue with GoDaddy.

This is an attempt to limit the reach that traditional WordPress plugins have, and maybe it is a response to EmDash. It is a framework for WordPress apps that run alongside of sites instead of as plugins.

This is a very scary analysis of a sophisticated supply chain attack in the WowShipping Pro plugin. We still don’t have the full story, possibly other WPXPO plugins could have been compromised, but if you are using WowShipping Pro then you need to take action.

Bad actors purchased popular plugins hosted on WordPress.org and added malware that was downloaded to users sites.

I imagine most of us are using Lets Encrypt SSL certificates and so this might not apply, but to those managing SSL certs for clients this might be something to plan for.

Oops, Roger Montti summarizes the reasons for the recent series of core releases.

WordPress 6.9.2 was just released. It is a security update and it is recommended to update your sites immediately.

The Patchstack team has collected and analyzed all the 2025 data about the security of the WordPress ecosystem. Their our annual report shows that attackers are getting more sophisticated, it is getting harder to clean sites, and mention is made of the fact that security procedures may need to change given the rise of AI custom code.