WordPress Plugin Developer Security Advisory: Awesome Motive
One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing...
Matt Mullenweg Claims WordPress is Meritocracy Where Ideas Can Be Debated...
In a post yesterday, we covered that those in charge of WordPress didn’t know how people could appeal being banned from WordPress. That came during a question and answer stream with the new Executive...
WPScan Ignores That Security Issue From Website of Their Boss, Matt...
Two days ago, a news story about WordPress websites being hacked was published titled “Hunk Companion WordPress plugin exploited to install vulnerable plugins.” The last part of that is important, but...
Complaints About “AI Slop” Vulnerability Reports Ignore That Security...
Despite billions and billions being spent on security, security remains bad. That applies to software in general and with WordPress plugins. Maybe more money needs to be spent, but it is more likely...
WordPress Plugin Developer Security Advisory: ThemeHunk
One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing...
Wordfence and WPScan Falsely Claim Closed WordPress Plugin Contains Serious...
We are currently looking into yet another problem with handling of security by Awesome Motive and the Security Reviewer from the WordPress Plugin Review Team. In doing that, we ran across another...
Ars Technica’s Dan Goodin Doesn’t Do Journalism and Instead Makes Up Override...
As far as we are aware, Ars Technica is considered a reliable news outlet. That is despite having someone covering security, Dan Goodin, who has a long track record of making things up, and generally...
WordPress Plugin Review Team Security Reviewer Chris Christoff is Failing to...
Last week we released an advisory warning people to avoid plugins from Awesome Motive due to repeated inability or unwillingness to fully fix security issues and vulnerabilities in their plugins. One...
Matt Mullenweg Finally Claims on WordPress.org That He Owns It, While Making...
Since Matt Mullenweg started trying to extort WP Engine, the issue of who owns and controls the website for WordPress, WordPress.org, has come up again and again. Curiously, Matt Mullenweg has claimed...
Locking Down Security With WooCommerce Plugins Involves Assessing Its...
We just soft launched a new option for searching for WordPress plugins. As part of making sure we produced the best tool we can, we revisited another option launched last year, Ploogins, which we...
Matt Mullenweg’s Lawyers Claim WordPress News Blog Posts “Lack the...
Once you log in to the backend of a WordPress website, one of the things you then see by default is a widget showing the latest WordPress “News.” What you actually get is very different. Late last...
Automattic Employee Changed WordPress Plugin Directory Search Algorithm to...
As part of working on our Plugin Security Scorecard last year, we spent a fair amount of time using the search functionality of the WordPress Plugin Directory. Through that, we again and again ran...
The New Executive Director of WordPress.org is Now Claiming to Only Spend 5...
When it comes to the security problems with WordPress plugins, as well as many other problems with WordPress, the project’s lack of proper governance is a key problem. In addition to Matt Mullenweg,...
New Executive Director of WordPress.org Now Credited as Author of...
Last week, Automattic announced that they would be reducing how many hours they claim to contribute to the WordPress project under the Five for the Future program. (The accuracy of the Five for the...
Matt Mullenweg Will Again Be “Community Member” Ultimately Responsible for...
Recently the head of WordPress, Matt Mullenweg, was complaining about the time and energy he was having to expend on the project. If this wasn’t performative, you would reasonably expect that he would...
Journalists Once Again Focus on WordPress While Ignoring That Sucuri Failed...
While WordPress has very real security problems, often news coverage related to hacked WordPress websites involves a focus on WordPress, while ignoring the more pertinent problem, security companies...
Audrey Capital Employee Samuel “Otto” Woods Closed Discussion About WordPress...
Last week Automattic, the company from the head of WordPress Matt Mullenweg, announced they were going to contribute less to WordPress. In doing that, they complained that “we’ve observed an imbalance...
WordPress Security Header Plugins Still Claiming to Provide Protection With...
In looking into complaints about the search functionality of the WordPress Plugin Directory recently, a common complaint we saw is that new plugins don’t get promoted. As part of an alternative search...
Developer of 1+ Million Install WordPress Plugin Hasn’t Addressed All Known...
We release advisories warning about WordPress plugin developers who have a repeated track record of failing to handle security well. A reasonable question to ask is if a backward-looking determination...
How Not to Defend Yourself Against the Latest WordPress Malware Attack
Yesterday, as part of an odd series of stories about a malware campaign claimed to be connected to WordPress, the news outlet Make Use Of, which is included in Google News, ran a story titled “How to...