Emil Tragardh @ youtube.com • 1 year ago
With the help of breakdance XSS any user can trick the admin user to execute PHP code without them knowing it. The code is written by the Editor (or any other user role) and later executed unknowingly by the administrator.
William Brown @ blackhats.net.au • 1 year ago
A year ago we were all urged to jump on the passkeys train because it was superior security. In this article the author describes two problems – vendor lock-in and uneven implementation.
Dennis Dormon @ mainwp.com • 1 year ago
A security researcher alerted MainWP that some customer account information had been found in a large dump of compromised accounts. The notification says the accounts may be ones where users reused their credentials on multiple sites. MainWP reset all passwords and are requiring two factor authentication going forward. The account information is logging into the MainWP website, not ones related to connected sites.
Vladimir Smitka @ smitka.me • 1 year ago
An interesting list of steps and code for better securing a WordPress site from a WordPress veteran.
Aaron Jorbin @ wordpress.org • 2 years ago
The topic of WordPress security is timely. WordPress 6.5.2 is a security and fix release just dropped.
David McCan @ webtng.com • 2 years ago
There has been a lot of discussion about WordPress security and it seemed like the WordPress security posture hasn’t changed much over the years. David McCan discusses this and shares some ideas about how to bring WordPress security in line with current best practices.
David McCan @ webtng.com • 2 years ago
Security vulnerabilities were reported for two WordPress page builders – Oxygen and Breakdance. In an unusual move the developers pushed back. This article has the details.
David McCan @ wpdaily.news • 2 years ago
Patchstack is changing their service to focus more on prevention. Beginning May 1st they plan to: 1) Discontinue the Incident Response service. 2) Change the settings controls so they will be read only on the site via the plugin, and you will change them on the central Patchstack dashboard. 3) Discontinue the Site Scanning feature that checks your sites and gave hardening suggestions.
Patchstack @ patchstack.com • 2 years ago
Patchstack has released a new report on the state of WordPress security. There is a lot of interest and the report is a bit different that previous ones in that it talks about some of the exploits as examples in different categories.
