Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
The Tech Edvocate

How to speed up WordPress site

Spread the love“`html As a website owner, few things are as frustrating as a slow-loading site. Not only does it impact user experience, but it also affects your search engine rankings. If you’re ...
techtimes

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 "Armstrong," released May 20, 2026, arrived without the real-time collaborative editing feature that had been its stated centerpiece for months — and within two days of launch, a ...
Bleeping Computer

Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. The flaw has not received an ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker bought 30+ WordPress plugins (Essential Plugin portfolio) on Flippa for six figures, planted a PHP deserialization backdoor in August 2025, then activated it eight months later to serve ...
theregister

Cloudflare previews 'EmDash' – an AI-driven rebuild of WordPress in TypeScript

The world's most popular CMS has been remade with the help of AI. Cloudflare has released EmDash version 0.1, described as a rebuild of the WordPress CMS (content management system) but using ...
Computerworld

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

WordPress's massive installed base isn't going anywhere, but many developers and AI agents are not opting for the product for new sites. Will they go for Cloudflare instead? Cloudflare on Wednesday ...
Ubuntu

EmDash: The Secure, Fast TypeScript Successor to WordPress

WordPress powers over 40% of the internet. It helped millions of people share their ideas for over 20 years. But, the web has changed a lot since WordPress first started. Today, many developers are ...
inkbotdesign.com

The 15+ Best WordPress Plugins for Small Business Websites

Stop treating your WordPress site like a digital scrapheap. In 2026, plugin bloat is the primary driver of losses in search visibility and user trust. This audit identifies the essential, ...