Web Site security is a mindset and an ever increasing source of anxiety for developers who see “[Big company] Web Site Hacked”...

mask.of.sanity quotes a report from The Register: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code ...

CVE 2017 8295 discovered by Dawid Golunski, Medium/High vulnerability still not fixed in 4.8.1. This issue has been reported to WordPress security team multiple times with the first report sent back in July 2016. It was reported both directly via security... (more…)

Love databases, indexing, and Elasticsearch gymnastics? Greg Brown walks us through the indexing sausage factory on WordPress.com. (more…)

At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. ...