A critical unauthenticated SQL injection vulnerability in the Ally accessibility plugin puts 400,000 WordPress sites at risk. How to check if you’re affected, how to update, and what to do if you were already compromised.
Seven concrete security checks you can run on any WordPress site in under 5 minutes: SSL certificate status, security headers, exposed sensitive files, PHP version, external JavaScript sources, user roles, and file permissions.
Even seasoned WordPress developers make predictable security mistakes: nonce misuse, missing capability checks, SQL injection via $wpdb, incorrect file permissions, debug mode in production, no direct file access protection, and gaps in sanitization and escaping. This guide shows each mistake with the wrong pattern and the correct fix.
A practical guide for developers and site owners on hardening WordPress against malware infections and crypto mining scripts – covering server hardening, file monitoring, mu-plugin security, wp-config hardening, malware detection techniques, and signs your site has been compromised.
Weekly analysis of WordPress vulnerabilities reported between February 23 and March 1. Covers critical and high-severity issues, affected plugins, CVE details, and the action items site owners need to take immediately.
