“Display Widgets” WordPress Plugin (200,000+ Installs) Spam

Note: This post has a detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam and spam from other plugins. If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The las… Read more


WordPress to get secure, cryptographic updates

Exciting work is being done with regards to the WordPress auto-update system that allows the WordPress team to sign each update. That signature can be verified by each WordPress installation to guarantee you're installing the actual WordPress update an...

Read more »