Exciting work is being done with regards to the WordPress auto-update system that allows the WordPress team to sign each update. That signature can be verified by each WordPress installation to guarantee you're installing the actual WordPress update an...Read more »
WordPress 4.7.2 post mortem
A few weeks ago, WordPress released version 4.7.2 to
address several security vulnerabilities, including one critical one.
This vulnerability allowed a remote, unauthorised attack to update web pages via
the REST API. Since then, hundreds of thousands of … Read more
At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. ...Read more »
I started to sell WordPress themes at the start of the "gold rush" when premium themes first emerged. These are the lessons learned – so you can avoid them.Read more »