Category: WordPress Security

  • The Dangers of Unlicensed WordPress Plugins and Themes

    One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can create and deploy a WordPress site with ease. Through this beautiful ecosystem that empowers people to build amazing websites, several businesses have also flourished. Premium […]



  • WordPress Security Updates: Feb 2020

    WordPress Core: No notable WordPress core security releases. Plugin/Theme Vulnerabilities of Note: Duplicator Plugin. The Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to download arbitrary files from the WordPress website with a single request. It is being reported that attackers are actively using this […]



  • WordPress Security Updates: Jan 2020

    WordPress Security and Maintenance Releases: 5.2.4, 5.3.1, and 5.3.2. Pagely customers were spared issues from bugs introduced in the 5.3.0 release because, due to the proximity to the holidays, we didn’t upgrade our customers to 5.3 until early January. All Pagely customers received security patches for vulnerabilities identified in WordPress Core before 5.2.4 for the […]



  • The Short History of Unauthenticated Site Options Update Vulnerabilities

    Over recent years, Pagely’s security team noticed a trend in WordPress-related attacks targeting unauthenticated changes to a WordPress website’s options table. The attack is specific to WordPress, but boiled down to its essence, this vulnerability falls under Broken Access Controls/Elevation of Privilege (OWASP Top 10, 2017 A5). In layperson’s terms: the application lacks […]



  • Can WordPress Developers and Security Researchers get along?

    The relationship between WordPress developers and security researchers has been strained for some time now. Recently it has become so bad that vulnerability reporters are going rogue, which is affecting site owners. In the past months we’ve seen multiple researchers drop 0-day information (vulnerability details with no current patch available), which has resulted in our security […]



  • For Safety, the P3 Plugin Has Been Banned

    We spend every April 1st playing jokes on each other that rely on comical hoaxes and abuse our trust, but make us giggle during this annual tradition. We know these fantastical stories are most likely false and intended to entertain. Stories like T Mobile’s Phone BoothE, Nissin’s Cup o Noodles headphones, or Auntie Anne’s Hot […]



  • Pagely Security Research, and Disclosure Policy

    This post is about the realities, both good and bad, that come with the responsibility of reporting vulnerabilities. The long days of summer are gone, fall has faded away and winter is upon us… reflecting back over the past months, the Pagely security team spent some of those days uncovering and reporting a number of […]



  • Why Neglecting Usability Can Undermine Your WordPress Site’s Security

    Usability testing is one of those unglamorous tasks that are often left for another day. It can be difficult to justify the time and budget required to check every button, link, and function on a website. It’s a luxury that many online businesses feel they can’t afford. However, usability testing can uncover serious security threats […]



  • Disaster Recovery Plan: Why Your Website Needs One to Survive

    The word “disaster” is one you never want to hear in business. Even if it’s a seemingly minor disaster, it usually means taking time away from business to investigate the root cause, clean up the mess, update processes, and sometimes even apologize to clients or employees who were harmed in the wake of it. But […]



  • An Extensive Plan of Action for WordPress Security

    There’s no nice way to put this, so I’m just going to come out and say it: WordPress websites are prime targets for hackers. It’s not that WordPress itself is an inherently unsafe content management system. In fact, I would go so far as to say that the WordPress security team does a fantastic job […]
