Patchstack has a new feature, Patchstack Priority. What I gather from the announcement is that it is another rating system in addition to the CVSS score. The Patchstack Priority is meant to indicate how likely the immediate threat is and how quickly you should respond.

I always update vulnerable plugins immediately, so I’m not sure how helpful this will be for me, though it is good to know if there are active exploits.

You have probably been prompted to setup passkeys and thought it would be a good idea to research it. This interesting article discussing passkeys is worth a read before you start using this new security feature.

The WordFence open source command line scanner now scans for malware and vulnerabilities. It is written in Python and requires power user or sysadmin skills to setup, but is a good resource. This article in the Tavern has links to the documentation and code.

In this engaging video Kathy Zant and Thomas Raef have a discussion about the theft of session cookies, which is becoming more prevalent, and what you can do about it.

The LiteSpeed Cache plugin had a security issue that has been patched. Update if you haven’t already.

WordPress 6.3.2 is a security and maintenance release and is rolling out now.

Yikes, this is scary. Thomas J. Raef reports that WordPress management consoles such as ManageWP, WPUmbrella, and MainWP have been used to compromise connected child sites. It seems the exact way the parent sites are being compromised is not certain, but possibly from site admins using open WiFi networks. There isn’t an indication that ManageWP, WPUmbrella, or MainWP themselves have been hacked.

WordPress.org now supports various options for Two Factor Authentication for account access. This seems long overdue and it is good to see it being implemented.

This is an interesting interview with Thomas J. Raef on protecting your website and the state of WordPress security. Great interview. Very clear discussion.