Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Introducing Abilities API in WordPress Plugins

WordPress released version 6.9 in December 2025, introducing a new framework that changes how the platform communicates with external tools. The update added support for WordPress Abilities API and the Model Context Protocol (MCP), allowing WordPress sites and plugins to describe their capabilities in a structured, machine- and human-readable format. The change reflects a broader shift in how websites are managed.

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files on exposed websites. Tracked as CVE-2026-1357, the vulnerability affects vulnerable versions of the plugin and enables remote code execution through network-accessible functionality intended for backup and migration workflows. With over 900,000 active installations, WPvivid is widely deployed across production WordPress environments.

12 Best WordPress Security Plugins to Protect Your Website

In 2025, more than 14,000 WordPress sites reported security vulnerabilities caused by weak passwords, outdated plugins, old themes, and configuration gaps that automated attacks detect far faster than most teams anticipate. Attackers continuously scan the WordPress ecosystem, moving from site to site in search of small vulnerabilities that naturally emerge as websites grow. That’s why strong security plugins are essential: they help seal off these common entry points.

How miniOrange's GPT App Connects LLMs to Your WordPress Site

WordPress is entering a new phase in how websites are managed with the introduction of API Abilities and support for the Model Context Protocol (MCP). These updates allow WordPress core, plugins, and themes to clearly define the actions they support and how those actions should be executed. For the first time, WordPress can communicate its capabilities in a structured way that large language models can reliably understand.

Making Student and Staff Logins Easy on WordPress with LDAP

Managing student and staff logins across different school systems can be messy and unmanageable, especially when every portal requires its own account and password. For WordPress-based education sites, it often means IT teams are stuck creating user accounts manually, resetting passwords, or dealing with duplicate profiles.

2FA For WordPress Membership: 2FA for Membership Sites

Imagine this: your WordPress membership site, thriving with exclusive content and a growing base of loyal members. But what if one breach could shatter trust, expose sensitive data, and compromise your revenue stream? That’s where WordPress Two-Factor Authentication (2FA) steps in as your ultimate defence. Let’s dive into how WordPress 2FA transforms your WordPress membership site into an impregnable fortress and why it’s a must-have for any modern membership platform.

What is Headless WordPress and How Single Sign On (SSO) Secures It

WordPress powers more than 43% of all websites on the internet, making it the most widely used Content Management System (CMS) for everything from small blogs to enterprise sites. Its popularity comes from being easy to use, flexible, and supported by a large ecosystem of plugins and themes. In recent years, many businesses have started using WordPress in a new way called Headless. Industry research shows that nearly 64% of enterprise companies now use a Headless CMS strategy.

CVE-2025-9501: Identifying High-Risk WordPress Instances Using W3 Total Cache

CVE-2025-9501 is a critical remote code-execution vulnerability affecting W3 Total Cache versions prior to 2.8.13, a plugin used by more than a million WordPress sites to improve performance and caching. The issue lies in the plugin’s _parse_dynamic_mfunc handler, which can process user-controlled inputs inside dynamic fragments.

Building for the Long Game: Charlotte WordPress Developers and Sustainable Sites

That's why real businesses in Charlotte are looking for more than a quick fix. They want a partner who understands how to build digital assets that work today, scale tomorrow, and still load lightning-fast three years from now. Enter the quiet heroes of long-term success: Charlotte WordPress developers who code with foresight and optimize with purpose. Let's break down what separates sites built to last from the ones that break when you blink.