WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

A new wave of cyberattacks has compromised millions of WordPress websites, raising concerns about platform security. The ...

Learn how to protect WordPress site malware 2026 with proven security steps, ngCERT guidelines, and practical strategies to ...

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

WordPress versions 3.7 – 4.0 will no longer receive security updates beginning on December 1, 2022. Anyone using these out of date versions of WordPress will put their sites at risk for hacking after ...

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability. The vulnerability, located in the platform’s REST API, ...

Opinions expressed by Entrepreneur contributors are their own. This past October, the WordPress security team used an internal feature to push a security update to a popular plugin. The ability to ...

WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital ...

WordPress is one of the most widely-used Content Management Systems on the planet. With over 43% of websites using the platform, it’s no surprise that it has a target on its back. That not only means ...