Three popular plugins served malicious JavaScript through a compromised CDN.

New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and extortion group Vice Society.

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

MonsterInsights WordPress plugin website is offline and warning users to avoid downloading plugin from third-party websites.

ReviewSignal''s 2024 benchmark put average TTFB for managed WordPress hosts between 80ms and 220ms, and the gap usually ...

WordPress announced the Protect The Shire initiative to make all plugins and themes in its repositories and directories ...

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

WP Engine, a global web enablement company providing premium products and solutions for websites built on WordPress® 1, today ...

The comments on some Steam Profiles are actually loaded with invisible malware.

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.