Posts by Robert Rowley

Pagely Security Updates

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of…

Can WordPress Developers and Security Researchers get along?

The relationship between WordPress developers and security researchers has been strained for some time now. Recently it has become so bad that vulnerability reporters are going rogue, which is affecting site owners. In the past months we’ve seen multiple researchers drop 0-day information…

For Safety, the P3 Plugin Has Been Banned

We spend every April 1st playing jokes on each other that rely on comical hoaxes and abuse our trust, but make us giggle during this annual tradition. We know these fantastical stories are most likely false and intended to entertain. Stories like…

Pagely Security Research, and Disclosure Policy

This post is about the realities, both good and bad, that come with the responsibility of reporting vulnerabilities. The long days of summer are gone, fall has faded away and winter is upon us... reflecting back over the past months the Pagely…

WordPress 4.9.6, the Privacy Features Release

Today, the team of open source developers at WordPress have released WordPress version 4.9.6. This release includes many new privacy-centric features which are so important that we're writing this post just to cover them briefly. If you want to read all of…

Privacy and GDPR at Pagely

Privacy is on everyone's mind and in everyone's inbox thanks to GDPR going into effect before the end of the month. Pagely has, as well, been working hard to address this new regulation and this post is to announce how we are…

The PHP Object Injection Odyssey

The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites we had just cleaned were getting…

How to Address Object Injection Vulnerabilities in PHP

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for…

Reboot-Be-Gone with KernelCare & Pagely

Long gone are the days of reboots on Pagely servers due to security-related kernel updates. Pagely has been working since the beginning of the year to get our servers upgraded to the latest technologies, including a partnership with KernelCare which allows…

WordCamp Kyoto 2017

I had the honor of presenting this past weekend at WordCamp Kyoto. It wasn't my first time addressing WordCamp crowds on security topics, but it was my first time in Kyoto, Japan. I felt at home, as the attendees and organizers of…
