Security Weekly

Weekly website security lessons brought to you by The Admin Bar in partnership with Patchstack

Week 37

What is Local File Inclusion Vulnerability?

Local File Inclusion (LFI) is a type of vulnerability in web applications that occurs when an attacker manipulates the application into including files from the server’s filesystem. What Causes a Local File …

Week 36

What is Cross-Site Request Forgery?

Let’s talk about Cross-Site Request Forgery. It’s a common security vulnerability that might have affected your website as well. In fact, according to the 2022 State of WordPress Security Report, Cross-Site Request …

Week 35

What is a Broken Access Control Vulnerability?

This week, let’s dive into broken access control vulnerabilities. It’s probably one of the most self-explanatory vulnerability types, as it arises from—you guessed it—broken access control. More specifically, these vulnerabilities occur when …

Week 34

What is a Cross-Site Scripting (XSS) Vulnerability?

Cross-Site Scripting is one of the most common security vulnerabilities found in WordPress plugins over the years. In 2023, XSS ranked #1 as the most common vulnerability in the WordPress ecosystem, with …

Week 33

What is an SQL Injection Security Vulnerability?

In our 15th TAB Security Weekly, we explored some of the most dangerous vulnerabilities commonly exploited in WordPress plugins. However, there are many different types of vulnerabilities we haven’t covered yet. With …

Week 32

WordPress Security Through Obscurity?

Occasionally, we still encounter people who passionately recommend security measures that offer questionable value. Many of these recommendations fall into the category of security through obscurity. This week, let’s discuss some of …

Week 31

Is Headless WordPress more secure?

Terms like headless architecture, Jamstack, or Composable often pop up during discussions about the future of the web. While those terms differ a bit from each other, they all circle around decoupling …

Week 30

Getting Started with WordPress Incident Response (Pt. 3)

In the previous posts (part 1 & part 2), we explored the critical steps of preparing for a potential hack on your WordPress site, including the initial triage phase and the comprehensive …

Week 29

Getting Started with WordPress Incident Response (Pt. 2)

In the previous post, we explored the importance of being prepared for a potential hack on your WordPress site, discussed the Incident Response (IR) plan phases, and dove deeper into the triage …

Week 28

Getting Started with WordPress Incident Response

In previous episodes, we have extensively covered one of the key aspects of security: the proactive approach (or safeguards). This includes all the measures related to good security hygiene and posture to …

Week 27

How to Use PassKeys for WordPress Authentication

In the previous two episodes, I covered the importance of password managers and why 2-factor authentication is equally important. What if a password is not needed at all, or when you …

Week 26

Getting Started with Multi-Factor Authentication (2FA/MFA)

In the last weekly, we covered the importance of password managers. While making sure not to re-use passwords improves your security posture significantly, it’s still possible for hackers to figure …