Security Weekly

Weekly website security lessons brought to you by The Admin Bar in partnership with Patchstack

Week 25

Getting Started with Access Management (Password Managers)

One of the most basic security-related questions I’m constantly asked is “What password manager should I use?” This mostly comes from people who have not yet done much for their …

Week 24

How to Deal with Incoming Security Reports

Sometimes developers and security researchers find bugs accidentally or when intentionally testing software security. If they are ethical, they would then report these security issues to the software vendor so they could …

Week 23

Are Your WordPress Sites Really Isolated From Each Other?

We touched on the topic of site isolation in February in an episode covering server-level security. A few days ago, Vladimir Smitka, a well-known Czech security researcher in the WordPress ecosystem, …

Week 22

How to Make the WordPress Development Process Safer

In recent weeks, we’ve talked a lot about what to avoid when building websites. This week, let’s cover the basics of professional WordPress website development and how correct workflows can …

Week 21

Why You Should Avoid Nulled WordPress Plugins

Every once in a while, I see a new GPLClub-like marketplace selling nulled premium WordPress plugins for a fraction of the original price. While these marketplaces are not illegal, they …

Week 20

Why You Should Avoid Abandoned WordPress Plugins

Something that has been coming up a lot lately is the issue of abandoned WordPress plugins and themes. Since around 30% of security vulnerabilities reported in plugins won’t get patched, people have …

Week 19

How to Automate WordPress Security for Care Plans

In the previous two issues of Security Weekly, we talked about the importance of WordPress maintenance plans and why the essential maintenance and security plan has to come with every professionally built …

Week 18

How to Set Up a WordPress Maintenance Service

When it comes to security, maintenance is essential. Whenever a company or a person reaches out to an agency or a freelancer to get a website designed and built for them …

Week 17

How to Help Customers Understand Security

We talked about security responsibilities in the 11th issue of Security Weekly. This week, let’s take a closer look at how security responsibility should be communicated to website owners, so …

Week 16

Supply Chain Security Risks in WordPress Plugins

In March 2024, WordPress 6.5 introduced a feature called plugin dependencies. As you may know, there are many plugins which are essentially add-ons for other plugins. The plugin dependencies feature of WordPress …

Week 15

Most Dangerous Vulnerabilities in WordPress Plugins

As we recently published the annual Patchstack report about WordPress security (and also covered it in the last TAB security weekly), we shared some insight into what are the most commonly found …

Week 14

State of WordPress Security – 2024 Report

This week is a little different. At the beginning of each year, we take a look at how the ecosystem has evolved and what the data shows about the current state of …