WordPress Security Blog
Weekly vulnerability reports, security tips, and WordPress security news to keep your site safe.
WordPress 7.0 Release Candidate 1
The first Release Candidate (“RC1”) for WordPress 7.0 is ready for download and testing! This version of the WordPress software is still under development.
WordPress 7.0 Beta 5
WordPress 7.0 Beta 5 is ready for download and testing! This version of the WordPress software is still under development.
WordPress 6.9.4 Release
WordPress 6.9.4 is now available WordPress 6.9.2 and WordPress 6.9.3 were released yesterday, addressing 10 security issues and a bug that affected template file loading on a limited number of sites. The WordPress Security Team has discovered that not all of the security fixes were fully applied, therefore 6.9.4 has been released containing the necessary […]
WordPress 6.9.3 and 7.0 beta 4
WordPress 6.9.2 was released earlier today and addressed 10 security issues. A few users have subsequently reported an issue where the front end of their site was appearing blank after updating to 6.9.2.
WordPress 6.9.2 Release
WordPress 6.9.2 is now available This is a security release that features several fixes. Because this is a security release, it is recommended that you update your sites immediately.
WordPress Security Checklist: A Complete Pre-Launch and Maintenance Guide
A comprehensive WordPress security checklist covering pre-launch hardening, ongoing maintenance, and incident response. Follow these steps to protect your site from day one.
Why WordPress Sites Get Hacked: The Most Common Reasons and How to Avoid Them
Over 90,000 WordPress sites are attacked every minute. Learn the top reasons WordPress sites get hacked and what you can do to prevent it from happening to yours.
Phishing Attacks Targeting WordPress Sites: Fake Logins, Deceptive Emails, and Credential Theft
WordPress sites are frequently used to host phishing pages or are targeted by phishing campaigns to steal admin credentials. Learn how to protect yourself.
DDoS Attacks on WordPress: How to Keep Your Site Online Under Attack
Distributed Denial of Service attacks can take your WordPress site offline by overwhelming it with traffic. Learn how they work and how to protect against them.
WordPress Malware and Backdoors: How Attackers Maintain Persistent Access
Once a WordPress site is compromised, attackers install backdoors to maintain access even after vulnerabilities are patched. Learn how to detect and remove them.