Network World

Wordfence plugin secures WordPress sites; solves job from hell

Effectively managing your own passwords under any circumstances is hard work but managing your users’ passwords on a WordPress installation can become the job from hell. Say you’re the admin of a ...
ZDNet

Another WordPress commercial plugin gets exploited in the wild

Hackers are exploiting an old vulnerability in a commercial WordPress plugin to break into websites and plant backdoors. Ongoing attacks have been first spotted at the end of last month by incident ...
Tech Times

WordPress Email Plugin Flaw Triggers 17 Million Attacks: Gravity SMTP Leaks Live API Keys

Gravity SMTP WordPress vulnerability CVE-2026-4020 has drawn 17 million automated exploit attempts since May 2026, draining ...
Searchenginejournal.com

The WordPress Security Guide To Keep Your Site Safe

There are eight fundamental actions that all WordPress publishers should consider in order to mitigate malicious activities and vulnerabilities. Following these best practices will help ensure that a ...
Bleeping Computer

Massive attack against 1.6 million WordPress sites underway

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. The threat actors target ...
Bleeping Computer

Zero-day in WPGateway Wordpress plugin actively exploited in attacks

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin. WPGateway is a ...
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

A critical vulnerability (CVE-2026-8732, CVSS 9.8) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create admin accounts and take over sites. Wordfence blocked 2,858 ...