Three high-severity WordPress vulnerabilities are under active exploitation right now — Ninja Forms file upload, Kali Forms, and Perfmatters file deletion. Here is what got disclosed between April 6 and April 18, who is affected, and the exact steps to take in the next 10 minutes if you run any of them.
A critical unauthenticated SQL injection vulnerability in the Ally accessibility plugin puts 400,000 WordPress sites at risk. How to check if you’re affected, how to update, and what to do if you were already compromised.
Seven concrete security checks you can run on any WordPress site in under 5 minutes: SSL certificate status, security headers, exposed sensitive files, PHP version, external JavaScript sources, user roles, and file permissions.
Weekly analysis of WordPress vulnerabilities reported between February 23 and March 1. Covers critical and high-severity issues, affected plugins, CVE details, and the action items site owners need to take immediately.
10 essential WordPress security tweaks at the wp-config.php and server level. Salt regeneration, file editing lockdown, security headers, XML-RPC blocking, IP restriction, and more.
