Tag

WordPress Security

Keeping your WordPress site secure with updates, plugins, and best practices.

17 articles

WordPress is the most targeted CMS on the web. That's not because it's insecure; it's because it's popular, and attackers go where the numbers are. Most compromises come from outdated plugins, weak passwords, or skipped updates.

These articles cover the security side of WordPress: hardening your install, responding to vulnerabilities, and understanding what your hosting provider handles versus what's on you. We see the attack patterns first-hand through our managed hosting platform, and we share what we learn.

Explore topics

WordPress Hosting UK Business Small Business AI Visibility SEO Web Hosting Content Strategy Security AI Discovery Files WordPress

Security 15 May 2026

Avada Builder Just Patched a 1M-Site SQL Injection. The WooCommerce Deactivated Trap Is the Buried Lead.

Wordfence disclosed CVE-2026-4798 in Avada Builder this week, affecting over 1,050,000 WordPress installations. The headline is patch to 3.15.3. The buried lead almost nobody covered is the WooCommerce-installed-then-deactivated precondition that turns the SQL injection from a "1M sites at risk" panic into a much narrower exploit window. We have held Avada licences for years and patched our portfolio first. Here is what actually matters.

7 min read Read

Security 17 Mar 2026

How to Check Your WordPress Site's Security in 30 Seconds

Your WordPress site is being probed by bots right now. Our free scanner checks eight things attackers look for, grades your site A+ to F, and tells you how to fix every issue. No plugin, no signup, 30 seconds.

10 min read Read

Security 12 Mar 2026

WordPress Ships Three Security Patches in 24 Hours as Exploits Hit the Wild

WordPress released versions 6.9.2, 6.9.3, and 6.9.4 in a single day after discovering that initial security fixes were incomplete. Four vulnerabilities, including a critical PclZip path traversal flaw, are already being exploited. If you manage your own WordPress updates, this is your wake-up call.

6 min read Read

Security 4 Mar 2026

Cloudflare's 2026 Threat Report: Bots Make 94% of Login Attempts as DDoS Attacks Double

Cloudflare's 2026 State of Application Security report reveals that 94% of all login attempts are bots, 46% of human logins use compromised credentials, and DDoS attacks doubled to 47.1 million in 2025. Here's what UK businesses need to do right now.

7 min read Read

Security 28 Feb 2026

The 7-Step WordPress Security & GDPR Checklist for UK Small Businesses

43% of UK businesses reported a cyber breach last year. If your WordPress site has a contact form, analytics, or customer logins, security and GDPR overlap. This seven-step checklist covers SSL, two-factor authentication, safe updates, daily backups, user permissions, GDPR compliance, and security monitoring.

8 min read Read

Security 23 Feb 2026

Why No Padlock? How to Find and Fix Mixed Content on Your Website

One HTTP image on an HTTPS page is all it takes to kill your padlock icon and trigger browser warnings. Our free mixed content scanner checks your pages in seconds, grades your SSL setup A to F, and shows you exactly which resources need fixing.

8 min read Read

Security 23 Feb 2026

HTTP Header Inspector: Check Your Site's Security Headers for Free

Your SSL padlock doesn't protect against clickjacking, XSS, or downgrade attacks. Security headers do. Our free HTTP Header Inspector grades your headers A to F, traces redirect chains, and flags server version leaks. Here's what to check and how to fix it.

8 min read Read

WordPress 8 Feb 2026

Never Edit the Wrong WordPress Environment Again: The Environment Indicator Plugin

A colour-coded WordPress plugin that labels your admin bar green, orange or red so you never accidentally push changes to the wrong environment. Built after one too many late-night staging mistakes.

10 min read Read

Security 7 Jan 2026

AI Crawlers Violate robots.txt on 72% of UK Sites, Cloudflare Data Shows

Cloudflare's new robots.txt compliance tracker reveals which AI crawlers respect your rules and which ignore them. Testing across 47 UK business sites: 72% had violations. Sites with AI discovery files saw 43% fewer.

8 min read Read

News 16 Dec 2025

Grok's Bondi Errors Show AI Risks for UK WordPress Sites

Grok AI spread false information about the Bondi Beach terrorist attack, inventing a fictional hero and misidentifying victims. Here's why UK WordPress site owners using AI for content need to pay attention to the Online Safety Act and implement proper verification workflows.

10 min read Read

Hosting 15 Dec 2025

PHP 8.1 End of Life: What Happened Next and Why Millions Are Still Exposed

PHP 8.1 reached end-of-life on 31 December 2025. Four months on, WP Cloud, Pagely, and WordPress VIP have force-migrated their customers, but roughly 55% of the top million PHP sites are still running an EOL version. Here's what happened, what the host-driven upgrades actually broke, and how to get off PHP 8.1 now if you haven't already.

9 min read Read

Security 12 Dec 2025

170 WordPress Vulnerabilities in One Week, 91 With No Patch

SolidWP disclosed 170 WordPress vulnerabilities on 10 December 2025. Four were critical RCE and file upload flaws affecting 2.3 million sites. Ninety-one had no patch. Here's what to update, what to deactivate, and how to build long-term resilience.

8 min read Read

Security 10 Dec 2025

131,000 Attacks Target WordPress Sites via Sneeit RCE Flaw

A critical remote code execution flaw in the Sneeit Framework WordPress plugin (CVE-2025-6389, CVSS 9.8) has triggered 131,000+ attack attempts. Attackers are creating admin accounts and uploading backdoors. Here's how to check if you're compromised and what to do right now.

8 min read Read

Security 5 Dec 2025

4 Critical WordPress Plugin Vulnerabilities Under Active Attack (December 2025)

Four WordPress plugins with critical CVSS 9.0+ vulnerabilities were under active exploitation in December 2025. All required zero authentication to exploit. Here's what to check and how to protect your site.

8 min read Read

Security 4 Dec 2025

King Addons Hack Lets Anyone Become WordPress Admin

A critical vulnerability in King Addons for Elementor (CVE-2025-8489) lets anyone create an admin account on your WordPress site. Over 48,400 exploit attempts logged since October. Here's how to check if you're compromised and lock it down.

9 min read Read

WordPress 2 Dec 2025

WordPress 6.9 Broke 3 Popular Plugins: Here's What Failed and How to Fix It

WordPress 6.9 broke WooCommerce, Yoast SEO, and Elementor within hours of launch. Here's exactly what went wrong, how to fix each plugin, and the update strategy that prevents this happening next time.

8 min read Read

WordPress 11 Sep 2025

WordPress 6.9 Upgrade Guide: Safe Updates and Speed Tips

The safe WordPress 6.9 upgrade process from backup to verification. Pre-upgrade checklist, three update methods, post-upgrade testing, troubleshooting common issues, and speed optimisation tips.

7 min read Read

Back to all articles