Security Weekly

Weekly website security lessons brought to you by The Admin Bar in partnership with Patchstack

Week 27

How to Use PassKeys for WordPress Authentication

In the previous two episodes, I covered the importance of password managers and why 2-factor authentication is equally important. What about if a password is not needed at all or when you …

Week 26

Getting Started with Multi-Factor Authentication (2FA/MFA)

In the last weekly, we covered the importance of password managers. While making sure not to reuse passwords improves your security posture significantly, it’s still possible for hackers to figure …

Week 25

Getting Started with Access Management (Password Managers)

One of the most basic security-related questions I’m constantly being asked is “What password manager should I use?”. This mostly comes from people who have not yet done much for their …

Week 24

How to Deal with Incoming Security Reports

Sometimes developers and security researchers find bugs accidentally or when intentionally testing software security. If they are ethical, they would then report these security issues to the software vendor so they could …

Week 23

Are Your WordPress Sites Really Isolated From Each Other?

We touched on the topic of site isolation in February in an episode covering server-level security. A few days ago, Vladimir Smitka, a well-known Czech security researcher in the WordPress ecosystem, …

Week 22

How to Make the WordPress Development Process Safer

In recent weeks, we’ve talked a lot about what to avoid when building websites. This week, let’s cover the basics of professional WordPress website development and how correct workflows can …

Week 21

Why You Should Avoid Nulled WordPress Plugins

Every once in a while, I see a new GPLClub-like marketplace that is selling nulled premium WordPress plugins for a fraction of the original price. While these marketplaces are not illegal, they …

Week 20

Why You Should Avoid Abandoned WordPress Plugins

Something that has been coming up a lot lately is the issue of abandoned WordPress plugins and themes. Since around 30% of security vulnerabilities reported in plugins won’t get patched, people have …

Week 19

How to Automate WordPress Security for Care Plans

In the previous two issues of Security Weekly we’ve talked about the importance of WordPress maintenance plans and why the essential maintenance and security plan has to come with every professionally built …

Week 18

How to Set Up a WordPress Maintenance Service

When it comes to security, maintenance is essential. Whenever a company or a person reaches out to an agency or a freelancer to get a website designed and built for them …

Week 17

How to Help Customers Understand Security

We talked about security responsibilities in the 11th issue of Security Weekly. This week, let’s take a closer look at how the security responsibility should be communicated to the website owners, so …

Week 16

Supply Chain Security Risks in WordPress Plugins

In March 2024, WordPress 6.5 introduced a feature called plugin dependencies. As you may know, there are many plugins which are essentially add-ons for other plugins. The plugin dependencies feature of WordPress …