Supply Chain Security Risks in WordPress Plugins
In March 2024, WordPress 6.5 introduced a feature called plugin dependencies. As you may know, there are many plugins which are essentially add-ons for other plugins. The plugin dependencies feature of WordPress …
Most Dangerous Vulnerabilities in WordPress Plugins
As we recently published the annual Patchstack report about WordPress security (and also covered it in the last TAB security weekly), we shared some insight into what are the most commonly found …
State of WordPress Security – 2024 Report
This week is a little different. At the beginning of each year, we take a look at how the ecosystem has evolved and what the data shows about the current state of …
WordPress Plugins Security Vulnerability Disclosures
There have been a lot of discussions about how plugin developers should communicate security fixes to the users. In the past, it has been their decision to choose whether they want to …
WordPress Security Compliance & Regulations
Security compliance and regulations are topics that are not often discussed in the context of WordPress, but this is going to change significantly in the coming years. GDPR was one of the …
Who should take the responsibility of WordPress security?
Whenever most people discuss WordPress security, the conversation typically revolves around which security solutions to use, where to host the website, and how to keep it secure. Something that often seems missing …
Most Common WordPress Security Misconceptions
As we’ve covered the basics of WordPress security, it’s time to address some common myths and misconceptions. The internet is brimming with SEO content offering various security tips. While some advice is …
WordPress Security on Application Layer
Once you have your server ready, you’ll need to set up the application that you wish to host there. In our case, this application is WordPress and all of the different …
WordPress Security on Server Layer
Last week we talked about WordPress security on the network layer (with Cloudflare as an example). This week, we’ll look into what will happen once the traffic gets passed to the server. …
WordPress Security on the Network Layer
In the last post, we covered different layers of the WordPress attack surface. Security should always be applied on multiple layers. Today, we will be covering what you can (and should) do …
How to map the WordPress attack surface?
Before you can start setting up any security measures, you should have a clear understanding of where security is even needed. To do that, you’ll first need to start mapping your attack surface. …