Do you know Patchstack? You should! Patchstack (formerly WebARX) is a cybersecurity company with a unique approach to connect bug bounties and community-driven security research with virtual patching technologies to reach its goal to make the web a safer space for everyone. Patchstack has a public WordPress Vulnerabilities Database, they bring the informations we need […]
iThemes Security is a know security plugin in the WordPress community since years. One week ago we discovered a security issue in their “Hide Backend” module, leaking the hidden login page. This ByPass Vulnerability has been patched in 7.9.1, update it if you’re using it.
SecuPress 2.0 is here! As always, after a while without updating, this 2.0 is finally here. The goal of this version is to open the door to future versions 2.x because this change of major version number means that all the functionalities will be reviewed one by one in order to be improved in every […]
When I want to share sensitive data or when I ask a client to share sensitive data, I use a service to do the job, a service called RevealIt.me. This free service was made by a an ex-coworker, it works fine, I trust him so everything was OK. Then one day on Slack someone (also […]
This post is a response to Yoast at https://yoast.com/wordpress-security/. Yoast is a SEO company in the WordPress ecosystem since 10 years now. They are professionals without any doubts, but for SEO purposes, not for Security. After my read on that particular and recent post from them, I had to answer and fix the issues. Some […]