Channel: Plugin Vulnerabilities
Browsing all 196 articles

WordPress Plugin Security Review: Two Factor

Before we start using a new WordPress plugin on our website, we do a security review of it, which led to us doing one for Two Factor. That is also now one of the plugins covered by our new Continuous...


Awesome Motive’s 3+ Million Install All in One SEO Plugin Is Tracking Usage...

The WordPress Plugin Review Team is currently considering restrictions on plugins from automatically installing additional plugins when setting up a plugin. A couple of the major offenders, when it...


WordPress Was Going to Have a Conflict of Interest Policy, It Never Was Released

In March 2021, the Executive Director of WordPress announced that she was planning to put forward a Conflict of Interest Policy as part of a larger Contributor Handbook. In April 2022, she announced...

Fork of a Fork, the Complicated History of Library in a WordPress Plugin

As we work to expand the capabilities of our new Plugin Security Scorecard, one of our focuses is providing better security information on libraries included in plugins. That has led to us finding...

Microsoft Copilot Doesn’t Provide Accurate Information on Known Vulnerability...

AI has gotten a lot of attention for what it might mean for security, as well as just about everything else. We were curious to see how an AI chatbot would handle processing public information about the...


Is Automattic Really Contributing 3,950 Hours Per Week to WordPress?

On Sunday, the head of WordPress, Matt Mullenweg, used the blog of WordPress to attack a competitor of his company Automattic. That would seem like a conflict of interest, but as we noted last week,...

The WordPress Plugin Review Team Has Only 14 Members, but 338 People Are...

If you want to take a favorable view of the head of WordPress Matt Mullenweg’s criticism of WP Engine, he was concerned about how much they are giving back to WordPress (the way WP Engine’s lawyer...

Who Is on the WordPress Foundation Board?

With the recent drama surrounding Matt Mullenweg’s extortion attempt of WP Engine and potential legal action resulting from that, the WordPress Foundation has been getting more attention. There is...


Automattic’s Matt Mullenweg Basically Admitted on Reddit That He Was Trying...

After days of WordPress and Automattic head Matt Mullenweg attacking a competitor of Automattic, WP Engine, there was a response from WP Engine as to what was going on here. That came in the form of a...


Automattic Employees Have Been Posting Highly Suspect Five for the Future...

Over the past two days, we have noted what appear to be large problems with the pledging of time to the WordPress Five for the Future program. That is important as the head of WordPress was criticizing...

No Business or Group of Individuals Is Supposed to Benefit From the WordPress...

With Matt Mullenweg’s continued expansion of attempted extortion of WP Engine and the security threat posed by that, the WordPress Foundation has come into more focus. Notably, the WordPress Foundation...

The WordPress Foundation is Nothing Like the Mozilla Foundation

As part of Matt Mullenweg’s extortion attempt against WP Engine (and with his latest action, the wider WordPress community), he has claimed that there was confusion between WordPress and WP Engine. As...

Matt Mullenweg Can Hold WordPress Plugin Developers Hostage Too

As part of Matt Mullenweg’s extortion campaign against WP Engine, he blocked off WP Engine’s customers from software updates coming from wordpress.org. In an interview he did during the weekend, he...


One of the Moderators of Reddit’s WordPress Forum Doesn’t Want People Know...

A fundamental issue with WordPress that has long existed, but hasn’t gotten the level of attention it deserves, is the inherent conflict of interest in Matt Mullenweg’s various roles. He isn’t alone in...

Plugin Security Scorecard September Results

September was the second full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 135 plugins were checked last month. With 13 of those plugins being...


Matt Mullenweg’s Claim About the Revocability of the Automattic’s License of...

In an interview that Matt Mullenweg did over the weekend, which was filled with falsehoods, one false statement he made stood out because of recently uncovered information. That uncovered information...

Why Does Automattic Have So Much Control of WordPress When It Provides So...

As part of Matt Mullenweg’s extortion campaign against a competitor of his for-profit company Automattic, he has focused on contributions to WordPress measured by the Five for the Future program. That is...


Who or What is WordPress.org?

As Matt Mullenweg continues his extortion campaign against WP Engine, he continues to confirm that there is an extortion campaign occurring. A new post on Automattic’s website starts this way: One of...

Untangling Matt Mullenweg’s Confusing Web of Automattic, WordPress,...

Matt Mullenweg’s extortion campaign against a competitor of his for-profit company has led to more focus on the web of entities Matt Mullenweg has created and a lot of confusion between them. We are going...

Automattic is Now Claiming That a Non-Profit Other Than the WordPress...

There continues to be confusion over who or what actually owns WordPress and the associated wordpress.org website. Considering what has happened recently, the ownership is a big security issue. Adding...
