WordPress Security Blog
Weekly vulnerability reports, security tips, and WordPress security news to keep your site safe.
WordPress Vulnerability Report: May 17 – May 24, 2026
81 WordPress vulnerabilities disclosed between May 17 – May 24, 2026. 8 critical, 20 high severity. 2 patched, 79 unpatched.
WordPress Vulnerability Report: May 9 – May 16, 2026
104 WordPress vulnerabilities disclosed between May 9 – May 16, 2026. 6 critical, 23 high severity. 1 patched, 103 unpatched.
WordPress Vulnerability Report: May 1 – May 8, 2026
96 WordPress vulnerabilities disclosed between May 1 – May 8, 2026. 6 critical, 35 high severity. 1 patched, 95 unpatched.
WordPress Vulnerability Report: April 15 – April 16, 2026
24 WordPress vulnerabilities disclosed between April 15 – April 16, 2026. 2 critical, 4 high severity. 0 patched, 24 unpatched.
WordPress Vulnerability Report: April 8 – April 15, 2026
106 WordPress vulnerabilities disclosed between April 8 – April 15, 2026. 6 critical, 18 high severity. 0 patched, 106 unpatched.
WordPress Vulnerability Report: April 1 – April 8, 2026
40 WordPress vulnerabilities disclosed between April 1 – April 8, 2026. 2 critical, 12 high severity. 0 patched, 40 unpatched.
WordPress 6.9.2 Release
WordPress 6.9.2 is now available This is a security release that features several fixes. Because this is a security release, it is recommended that you update your sites immediately.
SSL Certificates Explained: Why HTTPS Is Non-Negotiable for Every Website
SSL certificates encrypt data between your visitors and your server, protect against man-in-the-middle attacks, and are now a Google ranking factor. Here's everything you need to know.
How Security Headers Protect Your Website: A Non-Technical Guide
Security headers are your website's first line of defense against common attacks. Learn what each header does, why they matter, and how to check if your site has them.
WordPress Security Checklist: A Complete Pre-Launch and Maintenance Guide
A comprehensive WordPress security checklist covering pre-launch hardening, ongoing maintenance, and incident response. Follow these steps to protect your site from day one.