How to Use PassKeys for WordPress Authentication
In the previous two episodes, I covered the importance of password managers and why 2-factor authentication is equally important. What if a password is not needed at all or when you …
Getting Started with Multi-Factor Authentication (2FA/MFA)
In the last weekly, we covered the importance of password managers. While making sure not to reuse passwords improves your security posture significantly – it’s still possible for hackers to figure …
Getting Started with Access Management (Password Managers)
One of the most basic security-related questions I’m constantly being asked is “What password manager should I use?”. This mostly comes from people who have not yet done much for their …
How to Deal with Incoming Security Reports
Sometimes developers and security researchers find bugs accidentally or when intentionally testing software security. If they are ethical, they would then report these security issues to the software vendor so they could …
Are Your WordPress Sites Really Isolated From Each Other?
We touched on the topic of site isolation in February in an episode covering server-level security. A few days ago, Vladimir Smitka, a well-known Czech security researcher in the WordPress ecosystem, …
How to Make the WordPress Development Process Safer
In recent weeks, we’ve talked a lot about what to avoid when building websites. This week, let’s cover the basics of professional WordPress website development and how correct workflows can …
Why You Should Avoid Nulled WordPress Plugins
Every once in a while, I see a new GPLClub-like marketplace that is selling nulled premium WordPress plugins for a fraction of the original price. While these marketplaces are not illegal, they …
Why You Should Avoid Abandoned WordPress Plugins
Something that has been coming up a lot lately is the issue of abandoned WordPress plugins and themes. Since around 30% of security vulnerabilities reported in plugins won’t get patched, people have …
How to Automate WordPress Security for Care Plans
In the previous two issues of Security Weekly, we talked about the importance of WordPress maintenance plans and why the essential maintenance and security plan has to come with every professionally built …
How to Set Up a WordPress Maintenance Service
When it comes to security, maintenance is essential. Whenever a company or a person reaches out to an agency or a freelancer to get a website designed and built for them …
How to Help Customers Understand Security
We talked about security responsibilities in the 11th issue of Security Weekly. This week, let’s take a closer look at how the security responsibility should be communicated to the website owners, so …
Supply Chain Security Risks in WordPress Plugins
In March 2024, WordPress 6.5 introduced a feature called plugin dependencies. As you may know, there are many plugins which are essentially add-ons for other plugins. The plugin dependencies feature of WordPress …