WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The campaign has been ...

Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of ...

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin. While robust passwords help you secure ...

WordPress versions 3.7 – 4.0 will no longer receive security updates beginning on December 1, 2022. Anyone using these out of date versions of WordPress will put their sites at risk for hacking after ...

WordPress may be one of the most popular website builders in the world, but a recent study found that it’s plagued with a wide range of substantial security vulnerabilities that never get patched.

In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software. WordPress released a 5.5.2 update to its ubiquitous web publishing software platform.