WordPress

WordPress 5.2 Improves the Security of Automatic Updates

WordPress 5.2, released earlier this month, added the first step towards fully secure updates with offline digital signatures. Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, explains how it works and how developers can migrate away from mcrypt to libsodium. When your WordPress site installs an automatic update, from (more…)

PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities

A security service called Plugin Vulnerabilities, founded by John Grillot, is taking a vigilante approach to addressing grievances against WordPress.org support forum moderators. The company is protesting the moderators’ actions by publishing zero-day vulnerabilities (those for which no patch has been issued) and then attempting to contact the plugin author (more…)