Shadow directories: a quiet way to hijack WordPress permalinks
We’re seeing a crafty SEO-spam tactic against WordPress sites: attackers create shadow directories that mimic…
News
News and ideas from matm.
Projects, campaigns and practical tips across brand, design, web, PR and print – to help your marketing really work.
WordPress vulnerability & patch roundup – January 2026
Automated attacks love known weaknesses. January saw a steady flow of WordPress plugin vulnerabilities –…
Fake “Java Update” pop-up hidden inside a malicious WordPress plugin
A new social-engineering tactic is targeting WordPress sites with a convincing “Java Update” pop-up. It…
Malware intercepts Googlebot with IP-verified conditional logic
Some attackers now hide spam content from people — and show it only to search…
Google sees spam, you see your site: cloaked SEO spam explained
Some attacks don’t vandalise your pages. Instead, they quietly turn your website into a mouthpiece…
Fake browser update pop-ups targeting WordPress administrators
A new social-engineering campaign is abusing a malicious WordPress plugin to show convincing fake browser…
Stop “content sniffing” with HTTP security headers
Browsers try to be helpful. If your server doesn’t clearly label a file, they may…
Auto-login backdoor disguised as a JavaScript data file in WordPress
A stealthy backdoor is targeting WordPress sites by posing as a harmless JavaScript asset. In…
Phishing threats: how to protect your WordPress site and your business
Phishing has evolved from clumsy “verify your account” emails into polished scams that mimic real…
ERR_TOO_MANY_REDIRECTS: how to fix redirect loops on your website
Seeing ERR_TOO_MANY_REDIRECTS (or “the page isn’t redirecting properly”) means your site is stuck bouncing between…