Category: Security
-
Blocking Plugins on WordPress.org: Security or Added Risk?
Security practices on WordPress.org have long been a topic of debate, particularly when it comes to blocking plugins that have known vulnerabilities. While the intention behind such actions is to safeguard users, blocking access to a plugin in the repository can ironically increase risk for sites that rely on it. How Does the Plugin Blocking…
-
The Security of Uploaded Images in WordPress: Sensitive EXIF Data and Default Image Compression
Images are an integral part of any website, including WordPress-powered sites. However, many users may not be aware that the photos they upload often contain sensitive information in the form of EXIF metadata. On the other hand, WordPress has a default image compression feature, which reduces image quality in the pursuit of better performance. In…
-
Why WordPress.org Blocked the Advanced Custom Fields Plugin by WP Engine?
Recently, the WordPress community was surprised to learn that Advanced Custom Fields (ACF), one of the most popular plugins for managing custom fields, was temporarily blocked from the official WordPress.org repository. This move sparked discussions and concerns among developers and users who have relied on ACF for years. What exactly went wrong, and why did…
-
Why relying on complex subdomain names won’t stop bots from finding your site
Many website owners may believe that creating complex, obscure subdomain names will help hide sensitive parts of their web infrastructure from bots and malicious actors. This practice, often referred to as “security through obscurity,” assumes that the more intricate and hard-to-guess a subdomain name is, the less likely it will be discovered. However, in reality,…
