WordPress vulnerability roundup: what February 2026 means for your website
WordPress security is easy to put off when a website appears to be working normally….
Security Matters
Expert insights and updates to help organisations strengthen their digital defences.
From WordPress vulnerabilities to secure file transfer and plugin risk management, Security Matters supports a proactive approach to online security.
Beyond login screens: why access control really matters for your website
When people think about website security, they often think about login screens, passwords, and maybe…
Shadow directories: a quiet way to hijack WordPress permalinks
We’re seeing a crafty SEO-spam tactic against WordPress sites: attackers create shadow directories that mimic…
WordPress vulnerability & patch roundup – January 2026
Automated attacks love known weaknesses. January saw a steady flow of WordPress plugin vulnerabilities –…
Fake “Java Update” pop-up hidden inside a malicious WordPress plugin
A new social-engineering tactic is targeting WordPress sites with a convincing “Java Update” pop-up. It…
Malware intercepts Googlebot with IP-verified conditional logic
Some attackers now hide spam content from people — and show it only to search…
Google sees spam, you see your site: cloaked SEO spam explained
Some attacks don’t vandalise your pages. Instead, they quietly turn your website into a mouthpiece…
Fake browser update pop-ups targeting WordPress administrators
A new social-engineering campaign is abusing a malicious WordPress plugin to show convincing fake browser…
Stop “content sniffing” with HTTP security headers
Browsers try to be helpful. If your server doesn’t clearly label a file, they may…
Auto-login backdoor disguised as a JavaScript data file in WordPress
A stealthy backdoor is targeting WordPress sites by posing as a harmless JavaScript asset. In…