The Problem with Site Malware Scanners

Calvin Akn @ snicco.io • 2 years ago

Calvin Akn, a security researcher, published an article looking at WordPress malware scanners. In summary, malware scanning can help detect common malware, but more sophisticated attacks can bypass it, leaving you with a false sense of security. You should therefore not rely entirely on malware scanning but also have good preventive measures in place. The article includes some interesting and clever step-by-step illustrations of the concepts it describes.

The research in the article was done in conjunction with GridPane and Thomas J. Raef. Patchstack verified the proofs of concept discussed, as noted in the article.

Should Plugin Security Audits Be An Expected Best Practice?

David McCan @ webtng.com • 2 years ago

There have been a number of plugins that have repeatedly had security issues, even among the bigger players. In this editorial I suggest that it is time for the big players to start having their plugins audited for security. When we evaluate plugins we check for a money-back guarantee, that they tell about themselves on the website, that they have positive reviews, are actively providing support, and so on. Let's start politely asking about independent security audits.