WordPress.org now supports various options for Two Factor Authentication for account access. This seems long overdue and it is good to see it being implemented.

This is an interesting interview with Thomas J. Raef on protecting your website and the state of WordPress security. Great interview. Very clear discussion.

Recently there have been headlines that malware scanners are worthless. WordFence published an article describing how they see malware scanners as part of a layered approach to security and they also discussed their new command line scanning option.

Just like your WordPress site, if you are using a VPS then it is necessary to lock it down and keep it updated.

WordFence has launched a new free service where you can setup web hooks for vulnerability notifications.

Here is the first in a mini-series from WP Builds on the state of WordPress security. The first interview is with Calvin Alkan. Much of the episode covers ground that we’ve already posted about in the group, but there is some new info.

In the security reference department – this article lists a large number of common vulnerability types and explains what they are and how they work.

For developers: this is an in-depth overview about WordPress nonces and a tutorial on how to use them.

This is a mid-year report from the WordFence team about security threats they have tracked so far. The article is kind of interesting also because they used AI prompts against their own vulnerability database to help generate the answers.