TechRepublic

5 WordPress plugins to bolster security

WordPress is one of the most widely-used Content Management Systems on the planet. With over 43% of websites using the platform, it’s no surprise that it has a target on its back. That not only means ...
Bleeping Computer

WordPress AIOS plugin used by 1M sites logged plaintext passwords

The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting ...
Computerworld

WordPress Multisite SSL with domain mapping using Cloudflare

The march toward SSL everywhere continues. While this would have been just about impossible before 2004 due to the one IP per SSL certificate restriction and a dwindling pool of IP4 addresses, a new ...
Ars Technica

WordPress plugin installed on 1 million+ sites logged plaintext passwords

All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them ...
ZDNet

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...
CSO Online

WordPress plugin hole enables account takeover

What makes this now-patched plugin hole especially dangerous is the lack of authentication needed for an attack, which can give the ability to change root/admin passwords.