Published on November 29, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. This post will review the webmaster-tools-verification plugin. This plugin was first created in 2009 and is extremely simple […]
Published on November 15, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. Today I will be discussing how to address an unauthenticated remote code execution vulnerability in the member-hero plugin. […]
Published on November 8, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. The troubling truth is some open-source projects do not receive patches when security bugs are […]
Published on July 15, 2022
Abandonware is a silent security risk. With no developer or project lead to address bugs, especially security bugs, you are running code that has no support. If, or when, a security bug is found in an unsupported or abandoned project, then the users who rely on that project will be left with no recourse. They […]
Published on April 29, 2022
This article sheds some light on how WordPress hosting companies can increase their recurring revenue by sending out WordPress security alerts. The majority of security vulnerabilities in the WordPress ecosystem originate from plugins and themes. In fact, based on the WordPress security 2021 whitepaper where every known security vulnerability was counted, over 99% originated from […]
Published on January 1, 2022
In this article, we won’t dive into technical details, but try to address a common misconception instead. We will explain what website security is in general, how to secure WordPress and answer the question – is WordPress secure? As per calculations, approximately 380 new websites are created every minute. However, the actual number of new websites being created every […]
Published on December 16, 2021
With nearly a decade of working on WordPress security and website security, we’ve probably seen every kind of attack you could imagine. Some breaches are obvious while many might go undetected for months or even longer. This makes it harder to pinpoint the exact reason why the site was hacked in the first place. Criminals […]
Published on December 2, 2021
The WP-VCD malware for WordPress has existed for many years. It mainly spreads by injecting itself into legitimate plugins and themes, after which it spreads through sites that offer downloads of (nulled) WordPress plugins and themes. We noticed that during the coronavirus pandemic, the WP-VCD malware has also started injecting itself into plugins that can […]
Published on December 1, 2021
The worst possible time to suffer an attack or data breach is on Christmas. This article explains why you need to protect websites before the winter holidays. It’s the time we spend a lot of time away from work, with family and friends, vacationing, and drinking hot chocolate in front of a fireplace. So what […]
Published on June 30, 2021
This guide will help you answer the question – has my WordPress site been hacked? WordPress sites get hacked all the time, so you need to make sure that you can recognise the signs of a hack as soon as possible. To try and aid with this, we’re looking at some of the […]