Browsing all 200 articles

Mess Involving WordPress Partner HackerOne Highlights a Major Problem With...

Originally, bug bounty programs were helpful to improve security for a couple of reasons that had nothing to do with payouts for vulnerabilities. They provided a clear method to report security issues...



Plugin Security Scorecard October Results

October was the second full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 176 plugins were checked last month. With 9 of those plugins being...



The Various Rationales Put Forward by Matt Mullenweg and His Lawyers for His...

When Matt Mullenweg announced a takeover of WP Engine’s Advanced Custom Fields (ACF) on October 12, he cited the guidelines of the WordPress Plugin Directory for doing that: On behalf of the WordPress...


Comment From WordPress Core Contributor Helps to Explain Why WordPress Has...

WordPress has long had a reputation for poor security. The reality behind that is that many of the claims about poor security are not true and that real security issues haven’t gotten attention or...


WordPress Plugin Security Review: WP API Privacy

As part of the ongoing situation between Matt Mullenweg and the WordPress community, there has been increased concern about various aspects of WordPress. One area of concern is what information is being...



Wordfence and “Security News” Outlets Falsely Claim 4 Million WordPress...

For reasons we have never understood, various websites portraying themselves as security news outlets are treated as reliable news outlets, despite not really being news outlets. They are also included in...


WordPress All-In-One Security and 2FA Plugins Can Get Your Website Hacked

A major source of security vulnerabilities in WordPress websites is insecure WordPress plugins. In response to that, far too many WordPress security providers push installing more plugins instead of...


Spokesperson for WordPress.org Claims It is Committed to “Continued”...

If you have followed what is going on with WordPress recently, a word that wouldn’t be something you would use to describe things would be transparency. And yet an unnamed “WordPress.org spokesperson”...



Plugin Security Scorecard November Results

November was the fourth full month our Plugin Security Scorecard was available. A fair amount of plugins were checked. A total of 78 plugins were checked last month. With 17 of those plugins being...



Automattic Apparently Manages the WordPress.org Infrastructure

Because of recent actions taken by Matt Mullenweg, the control of WordPress.org has become a big security concern. It continues to be unclear who actually is in control of it. Lawyers representing Matt...


For the Second Time This Year, Automattic’s Top Lawyer Has Left

Last week’s hearing on a preliminary injunction in the legal case between Matt Mullenweg/Automattic and WP Engine featured an Automattic lawyer we hadn’t heard mentioned before. That would be their...


Member of WordPress Plugin Review Team Anonymously Criticizes ACF Pro...

One of the unfortunate realities of the current situation with WordPress is that the problems surfaced are hardly limited to Matt Mullenweg. Long ago, the people controlling areas of WordPress that we...


Matt Mullenweg Signed WordPress Foundation Trademark Application as “CEO”,...

Former direct employee of Matt Mullenweg, Samuel Sidler, wrote an interesting post about the unclear ownership of the Openverse, which is a WordPress project. One piece of the story ties into something...



The Executive Director of WordPress.org Works For Automattic, Not WordPress

Back in 2019, Matt Mullenweg announced a new role, the Executive Director of WordPress, without disclosing the role was being filled by someone working for his for-profit company Automattic. When that...


Automattic Isn’t Sponsoring 3,500 Hours a Week to the Maintenance of...

While WordPress is an open source project, there is so much that isn’t open and transparent about it. That includes one team that largely operates anonymously, seemingly to avoid people being able to...



Wordfence and “News” Outlets Recommend Updating WordPress Plugin to Version...

What we see over and over is that WordPress security providers and supposed journalists are focused on getting themselves attention while failing to provide useful information that would make WordPress...


WordPress Plugin Security Won’t Improve as Long as Plugin Developers Can Be...

When security vulnerabilities are discussed, the term responsible disclosure often comes up. It is a rather perverse term, since responsible disclosure is based on the idea that software developers do...



Matt Mullenweg Shuts Down Conversation on Addressing His Employees Abusive...

Recently the new Executive of WordPress.org Mary Hubbard did a question and answer Zoom stream with Matt Mullenweg. WordPress focused news outlets covered this in a rather unquestioning way (no...


The WordPress Plugin Directory Is Permitting Awesome Motive to Obfuscate...

As part of our effort to create a better understanding in the WordPress community of the handling of security by the developers of plugins through our new Plugin Security Scorecard, we are trying to...


People in Charge of WordPress Don’t Know How Someone Can Appeal Being Banned...

Recently the new Executive of WordPress.org Mary Hubbard, did a question and answer Zoom stream with Matt Mullenweg. WordPress focused news outlets covered this in a rather unquestioning way (no...
