On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that have previously been connected to UpdraftCentral, the plugin’s remote site management … Read more
WordCamp Europe, the biggest WordPress conference in Europe, spent the first week of June in Kraków. The 2026 edition of this event filled the ICE Kraków Congress Centre from June 4 to 6, drawing 2,458 ticket holders from 81 countries to the south of Poland. Close to a quarter of them were attending their first … Read more
tl;dr: Temporary 24-hour cooldown period for plugin/theme releases before auto-updates. AI can give defenders an edge. We want to secure all 78K plugins and themes on WordPress.org. One of the things we’ve always striven to do as the developers of WordPress is to work harder so you don’t have to; we take technology that’s complex … Read more
Last week, there were 277 vulnerabilities disclosed in 184 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more
As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive defense-in-depth for every layer of a WordPress website’s security. It’s important to understand that a complete security … Read more
