Typically what happens is that a plugin contains a weakness (a vulnerability) that allows an attacker to compromise individual sites that use that version of a plugin. But these compromises are ...
It’s a new year, but drama in the WordPress community keeps going. Automattic, the company that runs WordPress.com, said that it would reduce its contribution to WordPress core, the open source ...
The idea of open-source software seems kind of nuts. Millions (billions?) of lines of code doing all kinds of amazing things and available for free? That sounds too good to be true. But it is true.
WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...
A long, long time ago, I built websites by hand using the vi editor to write HTML. It was hard. Then along came NoteTab and Bluefish, which made writing and editing HTML easier but still a pain.
WordPress has released version 6.4.2, which addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers to run arbitrary PHP code on the target website.