“Display Widgets” WordPress Plugin (200,000+ Installs) Spam

Note: This post has a detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam and spam from other plugins. If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The las…


WordPress 4.7.2 post-mortem

A few weeks ago, WordPress released version 4.7.2 to address several security vulnerabilities, including one critical one. This vulnerability allowed a remote, unauthorised attacker to update web pages via the REST API. Since then, hundreds of thousands of ...
