How to Use PassKeys for WordPress Authentication
For WordPress users, implementing PassKeys can enhance the security of your site while simplifying the login process.
Getting Started with Multi-Factor Authentication (2FA/MFA)
In this post, I'll cover the different 2FA methods that you should use on all accounts where it’s possible.
Getting Started with Access Management (Password Managers)
One of the most basic security-related questions I’m constantly being asked is “What password manager should I use?”
How to Deal with Incoming Security Reports
When you receive a security report, what should be the first steps, how should you react, and how quickly should you address the issue?
Are Your WordPress Sites Really Isolated From Each Other?
Let's talk about why site isolation is important and why you should make sure to choose a hosting provider that does this properly.
How to Make the WordPress Development Process Safer
Whenever you build WordPress websites, plugins, or themes, think about the workflow and how correct workflows can help you incorporate security as early as possible.
Why You Should Avoid Nulled WordPress Plugins
When people talk about the risks of nulled plugins, they mostly refer to the malware that is baked into them. However, it’s not the only issue.
Why You Should Avoid Abandoned WordPress Plugins
Abandoned projects are essentially a ticking bomb. While they might still be working as intended, the compatibility and security issues are creeping around the corner.
How to Automate WordPress Security for Care Plans
Let’s explore some of the ways an agency could automate some of the WordPress maintenance & security tasks.
How to Set Up a WordPress Maintenance Service
Maintenance services are not only essential for customers who don’t have any in-house developers, but they are equally important to most companies who might even have entire technical teams as well.
How to Help Customers Understand Security
Let’s take a closer look at how the security responsibility should be communicated to the website owners, so they would understand why it’s important for them to invest in security.
Supply Chain Security Risks in WordPress Plugins
WordPress 6.5 introduced a feature called plugin dependencies - let's talk about the security risk of plugin dependencies and the software supply chain.
Most Dangerous Vulnerabilities in WordPress Plugins
While Cross-Site Scripting, Cross-Site Request Forgery, and Broken Access Control are the most common ones, they might not necessarily be the most dangerous ones.
State of WordPress Security – 2024 Report
At the beginning of each year, we, at Patchstack, take a look at how the ecosystem has evolved and what the data shows about the current state of WordPress security.
WordPress Plugins Security Vulnerability Disclosures
While the best developers have always opted for transparency and clear communication, there are also those who feel embarrassed or want to make security fixes go unnoticed.
WordPress Security Compliance & Regulations
Security compliance and regulations are topics that are not often discussed in the context of WordPress, but this is going to change significantly in the coming years.
Who should take responsibility for WordPress security?
The WordPress security conversation typically revolves around which solutions to use, where to host, and how to keep it secure, but who should do it?
Most Common WordPress Security Misconceptions
Let’s explore some myths, misconceptions, and misinformation I’ve encountered across different blogs, communities, and groups.
WordPress Security on Application Layer
The majority of the WordPress hacking incidents happen because something on the application layer failed.
WordPress Security on Server Layer
Servers are just computers, and computers are a combination of hardware and software, both of which need maintenance, configuration, and monitoring.
WordPress Security on the Network Layer
In this post, I’ll cover what should be done on the network, how to do it, and also what not to do.
How to map the WordPress attack surface?
Before you can start setting up any security measures, you should have a clear understanding of where security is even needed.
Consider yourself hacked: a mindset shift for WordPress users
In my previous post, I wrote about why hackers target websites and how they do it.
But you’ve probably
Why WordPress Security Matters More Than Ever
Understanding why hackers target specific sites helps you assess risk and build more effective protection. Every site needs a strong security foundation — no matter its size or purpose.
How do WordPress sites actually get hacked?
Bots don’t care how big or small your website is—they scan the entire internet for known weaknesses and exploit them at scale.