Expert guides on web hosting, WordPress, security, SEO, and preparing your business for the AI era.
Most local business websites claim trust. Lockerfella publishes the evidence. A walk through a live UK locksmith site that maps every E-E-A-T letter to dated, named, verifiable proof, framed against Google's 15 May 2026 non-commodity guidance and the May 2026 core update.
Read article
SolidWP disclosed 170 WordPress vulnerabilities on 10 December 2025. Four were critical RCE and file upload flaws affecting 2.3 million sites. Ninety-one had no patch. Here's what to update, what to deactivate, and how to build long-term resilience.
A California federal judge ordered Automattic to restore WP Engine's WordPress.org access within 72 hours. The ruling ended a three-month standoff that blocked updates for 200,000+ sites and raised questions about who controls the WordPress ecosystem.
A critical remote code execution flaw in the Sneeit Framework WordPress plugin (CVE-2025-6389, CVSS 9.8) has triggered 131,000+ attack attempts. Attackers are creating admin accounts and uploading backdoors. Here's how to check if you're compromised and what to do right now.
In December 2025, Google Discover began testing AI-generated headline rewrites that compress titles to four words. Three viral examples showed how the AI turned gaming articles into child exploitation accusations and created fake price announcements. Updated April 2026: the experiment continued through Q1 2026 and was followed by the late-December Discover collapse. AI-resistant headline advice still applies.
72 hours of production benchmarks comparing PHP 8.3, 8.4, and 8.5 on WordPress 6.9. The results: 23% faster page loads, 30% faster WooCommerce add-to-cart, and three plugins that broke.
WordPress 6.9 changed cache key generation, breaking every major caching plugin and causing CPU spikes, stale content, and TTFB increases. The bug was patched in 6.9.1. Sites on 6.9.1 or newer no longer see the issue. Workaround steps preserved for the historical record.
Google quietly added then removed an llms.txt file from Search Central while Discover rolled out AI Mode options that summarise your content before readers click through. SE Ranking's 300k-domain study still shows no citation benefit. Here's what actually matters.
PHP 8.5 launched 20 November 2025. Four months on, the 12-14% speed improvements have held up across hundreds of production WordPress sites. Here are the three features driving the gains: pipe operator, improved JIT, and readonly class improvements.
Google Discover was driving massive traffic in late 2025: 50,000+ daily views to optimised WordPress sites. Read alongside our December 2025 update article on the algorithm change that hit publishers hard. The image, hosting-speed, and news-style structural advice still applies.
Four WordPress plugins with critical CVSS 9.0+ vulnerabilities were under active exploitation in December 2025. All required zero authentication to exploit. Here's what to check and how to protect your site.
WordPress 6.9 shipped seven performance changes that cut CSS payloads by 45%, improved TTFB by 19%, and dropped LCP by 17% across our test sites. Here's what each change does and why it matters.
A critical vulnerability in King Addons for Elementor (CVE-2025-8489) lets anyone create an admin account on your WordPress site. Over 48,400 exploit attempts logged since October. Here's how to check if you're compromised and lock it down.
