Harmonic Design Launches HDAnalytics: Privacy-First, Cookieless Analytics Built Natively for WordPress

HDAnalytics is a fast, cookieless WordPress analytics plugin delivering actionable insights, full GDPR/CCPA compliance, ...
TechRadar

WordPress users beware - GootLoader strikes again, using font hack to spread malware

Gootloader malware resurfaced in late October 2025 after a nine-month hiatus, used to stage ransomware attacks Delivered via malicious JavaScript hidden in custom web fonts, enabling stealthy remote ...
The Hacker News

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site ...
TechRadar

WordPress hackers are teaming up with commercial adtech firms to distribute malware to millions of users - here's how to stay safe

Push notifications are now being used as malware delivery systems, and users are unknowingly subscribing to them Fake CAPTCHA prompts are now the gateway to persistent browser hijacks and phishing ...
Bleeping Computer

WordPress plugin disguised as a security tool injects backdoor

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...
Searchenginejournal.com

WordPress Robots.txt: What Should You Include?

The humble robots.txt file often sits quietly in the background of a WordPress site, but the default is somewhat basic out of the box and, of course, doesn’t contribute towards any customized ...
Searchenginejournal.com

A Beginner’s Guide To Elementor Editor For WordPress

Elementor Editor is the world’s most popular WordPress page builder plugin. It currently has a market share of 17% and is used by 12% of all websites. It simplifies website creation using four core ...
SecurityWeek

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. Malicious hackers have been caught hiding their WordPress malware in ...
Dark Reading

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

Threat actors have taken a campaign that uses fake browser updates to spread malware to a new level, weaponizing scores of WordPress plug-ins to deliver malicious infostealing payloads, after using ...
TechCrunch

WordPress.org bans WP Engine, blocks it from accessing its resources

WordPress drama went up another notch on Wednesday after WordPress.org, the open source web-hosting software, banned hosting provider WP Engine from accessing its resources. In a post on WordPress.org ...
Dark Reading

WordPress Supply Chain Attack Spreads Across Multiple Plug-ins

A threat actor or actors has compromised multiple plug-ins on the WordPress.org site with code aimed at giving attackers administrative privileges as well as conducting further malicious activity. Of ...