
What is Local File Inclusion Vulnerability?
Local File Inclusion (LFI) is a type of vulnerability in web applications that occurs when an attacker manipulates the application into including files from the server’s filesystem. What Causes a Local File …

What is Cross-Site Request Forgery?
Let’s talk about Cross-Site Request Forgery. It’s a common security vulnerability that might have affected your website as well. In fact, according to the 2022 State of WordPress Security Report, Cross-Site Request …

What is a Broken Access Control Vulnerability?
This week, let’s dive into broken access control vulnerabilities. It’s probably one of the most self-explanatory vulnerability types, as it arises from—you guessed it—broken access control. More specifically, these vulnerabilities occur when …

What is a Cross-Site Scripting (XSS) Vulnerability?
Cross-Site Scripting is one of the most common security vulnerabilities found in WordPress plugins over the years. In 2023, XSS ranked #1 as the most common vulnerability in the WordPress ecosystem, with …

What is an SQL Injection Security Vulnerability?
In our 15th TAB Security Weekly, we explored some of the most dangerous vulnerabilities commonly exploited in WordPress plugins. However, there are many different types of vulnerabilities we haven’t covered yet. With …

WordPress Security Through Obscurity?
Occasionally, we still encounter people who passionately recommend security measures that offer questionable value. Many of these recommendations fall into the category of security through obscurity. This week, let’s discuss some of …

Is Headless WordPress more secure?
Terms like headless architecture, Jamstack, or Composable often pop up during discussions about the future of the web. While those terms differ a bit from each other, they all circle around decoupling …

Getting Started with WordPress Incident Response (Pt. 3)
In the previous posts (part 1 & part 2), we explored the critical steps of preparing for a potential hack on your WordPress site, including the initial triage phase and the comprehensive …

Getting Started with WordPress Incident Response (Pt. 2)
In the previous post, we explored the importance of being prepared for a potential hack on your WordPress site, discussed the Incident Response (IR) plan phases, and dove deeper into the triage …

Getting Started with WordPress Incident Response
In previous episodes, we have extensively covered one of the key aspects of security: the proactive approach (or safeguards). This includes all the measures related to good security hygiene and posture to …

How to Use PassKeys for WordPress Authentication
In the previous two episodes, I covered the importance of password managers and why 2-factor authentication is equally important. What if a password is not needed at all, or when you …

Getting Started with Multi-Factor Authentication (2FA/MFA)
In the last weekly, we covered the importance of password managers. While making sure not to re-use passwords improves your security posture significantly, it's still possible for hackers to figure …