SI CAPTCHA Anti-Spam Plugin Permanently Removed from WordPress.org Due to Spam Code

The SI CAPTCHA Anti-Spam plugin has been removed from the WordPress Directory due to its author including spam code. The plugin added a CAPTCHA image test to WordPress forms to prevent spam and was compatible with forms generated by bbPress, BuddyPress, Jetpack, and WooCommerce. It had more than 300,000 active installs at the time of removal. Mike Challis, the original …

WordPress 4.8.2 Patches Eight Security Vulnerabilities

WordPress 4.8.2 is available for download and users are encouraged to update as soon as possible. This release patches eight security vulnerabilities and has six maintenance-related fixes. Hardening was also added to WordPress core to prevent plugins and themes from accidentally causing a vulnerability through $wpdb->prepare(), which can create unexpected and unsafe queries leading to potential SQL injection (SQLi). …

Display Widgets Plugin Permanently Removed from WordPress.org Due to Malicious Code

Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. …

Equifax Launches WordPress-Powered Site for Consumers Affected by Security Breach

Equifax has launched a WordPress-powered website to connect with consumers affected by its recent security breach, which compromised 143 million customers’ personal data. The exposed data includes names, birth dates, social security numbers, addresses, credit card numbers, driver’s license numbers, and other sensitive financial information. The equifaxsecurity2017.com site was launched shortly after disclosure to give …

The Ultimate Guide to WordPress Security

Hackers attack WordPress sites both big and small with over 90,978 attacks happening per minute. Fortunately, there are numerous ways you can protect your WordPress site. Today, I want to share with you how you can make your WordPress site’s security airtight with basic through to advanced techniques. I’ll also explore how WordPress can […]

Defender Security Plugin Now Available for Free at WordPress.org

WordPress security shouldn’t just be for those who pay the big bucks for “real” protection. Professional-grade security should be easy, free and available for everyone. That’s why we’re excited to announce our Defender security plugin is now FREE to download at WordPress.org. We know there’s a heap of worry around keeping WordPress safe, especially […]

How to Fix “Not Allowed to Access this Page” Error in WordPress

Picture this: You’re working away on your WordPress site and then bam! You see this puzzling and face-contorting error: “How is this even a thing?” you quietly shout. “I am allowed to access this page. I’m the admin!” The frustration continues when you realize the fix isn’t so cut and dry since there are multiple […]

WordPress 4.7.5 Patches Six Security Issues, Immediate Update Recommended

WordPress 4.7.5 was released today with fixes for six security issues. If you manage multiple sites, you may have seen automatic update notices landing in your inbox this evening. The security release is for all previous versions and WordPress is recommending an immediate update. Sites running versions older than 3.7 will require a manual update. The vulnerabilities patched in 4.7.5 …

WordPress Is Now on HackerOne, Launches Bug Bounties

WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all …