Security – Internet, WordPress, and otherwise

2020 Year in Review: the best of WP White Security

2020 Year in Review: the best of WP White Security

2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White...

read more
Episode 100: How to Lose 6 Figures the Easy Way

Episode 100: How to Lose 6 Figures the Easy Way

The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing...

read more
Hacking WordPress websites & stealing WordPress passwords

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an...

read more
Unauthenticated Remote Code Execution in e-signature plugin

Unauthenticated Remote Code Execution in e-signature plugin

During a recent audit we discovered an unauthenticated remote code execution in the plugin e-signature. All versions less than 1.5.6.8 are vulnerable.Disclosure / Response TimelineJanuary 7, 2021: Initial contact.January 11, 2021: Patch is live.Current State of the...

read more

WordPress Vulnerability Roundup: January 2021, Part 1

New WordPress plugin and theme vulnerabilities were disclosed during the first half of January. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The...

read more
WordPress Security Updates: December 2020

WordPress Security Updates: December 2020

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that...

read more
Interview with Ryan Dewhurst, founder of WPScan

Interview with Ryan Dewhurst, founder of WPScan

Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black...

read more
The Month in WordPress: December 2020

The Month in WordPress: December 2020

We bid goodbye to 2020 in style with the release of WordPress 5.6 and the launch of Learn WordPress. But these weren’t the only exciting updates from WordPress in December. Read on to learn more! WordPress 5.6 is here The latest major WordPress release, version 5.6...

read more
How to safely add custom code to WordPress websites

How to safely add custom code to WordPress websites

Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom...

read more
Who Attacked SolarWinds and Why WordPress Users Need to Know

Who Attacked SolarWinds and Why WordPress Users Need to Know

Chloe Chamberland is a threat analyst and member of the Wordfence Threat Intelligence Team. She holds the following certifications: OSCP, OSWP, OSWE, Security+, CySA+, PenTest+, CASP+, SSCP, Associate of (ISC)2, CEH, ECSA and eWPT. Many of these are advanced...

read more

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup