To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are few available, although my preference goes to Wordfence.

Critical vulnerabilities in WordPress plugins – August 2021

The Wordfence Threat Intelligence team found sofar these vulnerabilities:

XSS Vulnerability in SEOPress

A WordPress plugin installed on over 100,000 sites.

This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the “All Posts” page.

They reached out to the plugin developer on July 29, 2021. After receiving confirmation of an appropriate communication channel the next day on July 30, 2021, we provided the full disclosure details. The vendor quickly acknowledged the report and a patch was released on August 4, 2021 in version 5.0.4.

We strongly recommend updating immediately to the latest patched version of SEOPress, version 5.0.4, if you are currently using a vulnerable version of the plugin.

Read full details

Ten password mistakes that could get your WordPress site hacked according to Wordfence

Timestamps

• 24:30​ Mistake #10: Not using a password manager
• 29:57​ Mistake #9: Sharing passwords
• 34:39​ Mistake #8: Not being aware of your surroundings
• 37:17​ Mistake #7: Not monitoring and auditing passwords
• 41:32​ Mistake #6: Using passwords that are not complex
• 46:19​ Mistake #5: Using personal information in passwords
• 49:45​ Mistake #4: Not removing ex-employee and/or developer and/or support user credentials
• 53:00​ Mistake #3: Using passwords that are too short
• 57:27​ Mistake #2: Not using multi-factor authentication
• 1:01:45​ Mistake #1: Reusing passwords

All the best,

Luc

Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment. I thank you if you do ?