Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.

A new malware campaign is targeting WordPress websites by using a malicious plugin that pretends to be a security tool. This ...

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into ...

New WordPress malware disguised as a plugin gives attackers persistent access and injects malicious code enabling administrative control ...

Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.

Moroccan authorities have warned WordPress users about a critical security flaw in a popular plugin. The General Directorate ...

WordPress out-of-the-box struggles to analyze content relevancy and can be very slow. ElasticPress supercharges your WordPress website making for happier users and administrators. The plugin even ...

The Progress Planner WordPress plugin has announced a new integration with Yoast SEO, enabling users to take full advantage of Yoast’s features to maximize website search performance.

Wonolog is a Composer package (not a plugin) that allows to log anything that happens in a WordPress site. Wonolog should be installed via Composer, it's available on packagist.org package name is ...

Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain ... via an out-of-date WordPress plugin, or weak password). Once an attacker has gained access, they ...