WordPress File Permissions: What They Should Be and How to Fix Them
File permissions on a WordPress site are one of those things that work fine until they don’t. Set…
File permissions on a WordPress site are one of those things that work fine until they don’t. Set…
WordPress user roles control who can do what on your site. A misconfigured role, or worse, an unnecessary…
If you run a WordPress site using the WebStack theme, there is no patch available for a critical…
A new botnet called CrawlerX is brute-forcing WordPress admin accounts using half a million residential IP addresses. Unlike…
WordPress released version 6.8.2 on April 21, fixing two stored cross-site scripting (XSS) vulnerabilities in the block editor.…
WordPress Security Checklist 2026. Keeping a WordPress site secure in 2026 isn’t about installing a single plugin and…
CVE-2026-4119 Create DB Tables. A critical authorization bypass vulnerability affects the Create DB Tables WordPress plugin. The disclosure…
A critical SQL injection flaw (CVSS 9.6) in the Contact Form CFDB7 Database Addon plugin allows unauthenticated attackers…
A step-by-step incident response guide for hacked WordPress sites. From locking down access and scanning for malware to…
On April 6, 2026, Wordfence publicly disclosed a critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms…