WordPress Security Blog
Weekly vulnerability reports, security tips, and WordPress security news to keep your site safe.
Why WordPress Sites Get Hacked: The Most Common Reasons and How to Avoid Them
Over 90,000 WordPress sites are attacked every minute. Learn the top reasons WordPress sites get hacked and what you can do to prevent it from happening to yours.
SQL Injection Attacks on WordPress: How Hackers Exploit Database Vulnerabilities
SQL injection remains one of the most dangerous vulnerabilities in WordPress plugins and themes. Learn how these attacks work and how to protect your database.
Cross-Site Scripting (XSS) Attacks on WordPress: How They Work and How to Prevent Them
XSS is one of the most common web vulnerabilities affecting WordPress. Learn how attackers inject malicious scripts and what you can do to protect your site.
WordPress Vulnerability Report: March 5 – March 8, 2026
61 WordPress vulnerabilities disclosed between March 5 – March 8, 2026. 4 critical, 13 high severity. 1 patched, 60 unpatched.
WordPress Vulnerability Report: February 26 – March 5, 2026
55 WordPress vulnerabilities disclosed between February 26 – March 5, 2026. 3 critical, 19 high severity. 1 patched, 54 unpatched.
WordPress Vulnerability Report: February 19 – February 26, 2026
106 WordPress vulnerabilities disclosed between February 19 – February 26, 2026. 7 critical, 21 high severity. 1 patched, 105 unpatched.
WordPress Vulnerability Report: February 12 – February 19, 2026
136 WordPress vulnerabilities disclosed between February 12 – February 19, 2026. 6 critical, 27 high severity. 3 patched, 133 unpatched.
WordPress Vulnerability Report: February 5 – February 12, 2026
82 WordPress vulnerabilities disclosed between February 5 – February 12, 2026. 3 critical, 11 high severity. 2 patched, 80 unpatched.
WordPress Vulnerability Report: January 29 – February 5, 2026
43 WordPress vulnerabilities disclosed between January 29 – February 5, 2026. 1 critical, 13 high severity. 1 patched, 42 unpatched.
WordPress Vulnerability Report: January 22 – January 29, 2026
106 WordPress vulnerabilities disclosed between January 22 – January 29, 2026. 3 critical, 17 high severity. 1 patched, 105 unpatched.