New Plugin Makes WordPress Core Updates More Secure by Requiring Cryptographic Signature Verification

In 2016, WordFence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of api.wordpress.org and what could happen if the servers were compromised. One idea that was brought forth is to digitally sign …