Beyond login screens: why access control really matters for your website
When people think about website security, they often think about login screens, passwords, and maybe…
Cybersecurity
Shadow directories: a quiet way to hijack WordPress permalinks
We’re seeing a crafty SEO-spam tactic against WordPress sites: attackers create shadow directories that mimic…
WordPress vulnerability & patch roundup – January 2026
Automated attacks love known weaknesses. January saw a steady flow of WordPress plugin vulnerabilities –…
Fake “Java Update” pop-up hidden inside a malicious WordPress plugin
A new social-engineering tactic is targeting WordPress sites with a convincing “Java Update” pop-up. It…
Malware intercepts Googlebot with IP-verified conditional logic
Some attackers now hide spam content from people — and show it only to search…
Google sees spam, you see your site: cloaked SEO spam explained
Some attacks don’t vandalise your pages. Instead, they quietly turn your website into a mouthpiece…
Fake browser update pop-ups targeting WordPress administrators
A new social-engineering campaign is abusing a malicious WordPress plugin to show convincing fake browser…
Stop “content sniffing” with HTTP security headers
Browsers try to be helpful. If your server doesn’t clearly label a file, they may…
Auto-login backdoor disguised as a JavaScript data file in WordPress
A stealthy backdoor is targeting WordPress sites by posing as a harmless JavaScript asset. In…
Phishing threats: how to protect your WordPress site and your business
Phishing has evolved from clumsy “verify your account” emails into polished scams that mimic real…