MainWP Blog - WordPress Security

A serious security incident has been circulating through the WordPress community this week, and for anyone managing multiple WordPress sites, it is worth paying close attention. An attacker bought roughly 30 WordPress plugins through legitimate marketplace purchases, then used the WordPress.org commit access to quietly insert malicious code. What makes this especially troubling is not only the scale of the attack, but how long it was able to sit unnoticed. In at least one confirmed case, the malicious code remained Continue reading the post...

Privacy requirements can be overwhelming, especially for small businesses. Sometimes, it’s hard to know where to even start evaluating whether your small business website is compliant with the requirements that privacy laws can impose. However, evaluating your website for privacy pitfalls is important as privacy laws can and do apply to small businesses and non-compliance fines can be high (starting at $2,500 per website visitor). In this article, we will discuss how to check your website for the most common Continue reading the post...

This month, not only are we celebrating 12 years of MainWP, but we’re also celebrating yet another partnership. This time, it’s Patchstack. You may already be familiar with Patchstack, but if not, they focus on vulnerability mitigation for WordPress websites. They are the largest WordPress vulnerability discloser and work with over 1,100 plugins as security partners. What that means in practical terms is simple. Patchstack helps protect your sites by mitigating vulnerabilities before they’re actively exploited. The Webinar Last week, Continue reading the post...

If I had a dollar for every time I heard someone say “my business is too small for privacy laws to apply to me”, I’d be rich. In fact, many small businesses assume that privacy laws do not apply to them because their business is too small, they collect too little personal information, they don’t have many (or any) employees, they make too little revenue, or because people input their personal information into website forms voluntarily. However, all of these Continue reading the post...

As many of you know, California leads the nation when it comes to data protection, whether it be the California Online Privacy and Protection Act (CalOPPA), the California Invasion of Privacy Act (CIPA), or the California Privacy Rights Act (CPRA), the State has always been at the forefront of providing privacy protections to consumers. The California Privacy Protection Agency (CPPA) recently enhanced protections for individuals and requirements for businesses by releasing Regulations requiring certain companies to undertake cybersecurity audits. In Continue reading the post...

You have your privacy obligations down pat – you know which privacy laws apply to you, your Privacy Policy is up to date with the latest laws, you don’t track website visitors without consent, and you have a process for replying to privacy rights requests. But have you ensured that your vendors are in compliance too? When you share your customer data with a vendor, you are also responsible for making sure that the vendor processes that data in accordance Continue reading the post...

Maintaining strong security and user management in WordPress is vital for site administrators, especially when managing multiple users. One common security concern is users having multiple active sessions simultaneously across different devices or browsers. Limiting these sessions enhances security and helps you manage user behavior and access more effectively. Two useful plugins for managing and restricting active sessions in WordPress are Loggedin and Sessions. Here’s how to use them to gain control over user sessions on your WordPress site. Why Continue reading the post...

We all make mistakes. Maybe we hold the door for a stranger to be polite, allowing them to enter our building, ignore a warning to update our browsers because we have a busy day ahead of us, or allow a coworker to log into our email to resolve a customer issue. While these actions may seem innocuous, they can lead to extremely costly security incidents and data breaches. In fact, recent studies have found that 88% of cybersecurity breaches were Continue reading the post...

As more and more privacy laws go into effect every year, privacy compliance obligations are only increasing for businesses. For example, you may now be required to allow customers to delete their data, be more careful as to who receives your marketing emails, and include privacy checkboxes on every form on your website. These types of obligations can affect every part of your business and every employee. Since most privacy violations are caused by employee mistakes, it is imperative that Continue reading the post...

This article explores the security landscape for the year 2025. Three WordPress community-recognized web security experts will share their insights and predictions to help us anticipate and address upcoming security challenges. Our team of experts include Rob Cairns of Stunning Digital Marketing, Oliver Sild of Patchstack, and Kathy Zant, experienced security consultant.  Kathy wrote and published her own article about cyber security trends on her website – see here, while Oliver Sild wrote and published his predictions at The Admin Continue reading the post...