WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

When it comes to security, there is no WordPress-specific type of security that exists. All problems with security are common for all websites or applications. WordPress security problems are of great ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

WordPress users warned as millions of attacks reported. Updated October 29 with a correction to the WordPress attack statistics: the correct number is 1.6 million attacks in 48 hours. WordPress ...

The popularity of WordPress has made it a prime target for site attacks. The more people using the same platform of any type, the more success hackers will have exploiting a larger number of users.

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...

Cybersecurity researchers have found a critical vulnerability affecting millions of WordPress websites which could grant attackers full control over the vulnerable website. Security professionals from ...

AUSTIN, Texas--(BUSINESS WIRE)--WP Engine, the WordPress digital experience platform, today announced the launch of Global Edge Security, an enterprise-class advanced security solution built from ...

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO." The attacker was obviously trying to ...