8 Aug 2022

Cloudways is Still Storing Non-Hashed Passwords

Last November GoDaddy, which heavily markets itself to the WordPress community, disclosed a massive breach of the data on customers using the managed WordPress hosting service. A stunning element of that was that they were still storing customers’ passwords in non-hashed form, despite that being a big security no-no for easily over a decade. If they hadn’t been improperly storing those passwords, the damage from the breach would have been more limited. It turns out that another web host marketing itself to the WordPress community is still doing that now.

Cloudways is heavily marketing itself in the WordPress community. That includes through Post Status (alongside two GoDaddy entities, GoDaddy Pro and Pagely):

21 Dec 2021

Patchstack Continues to Overstate Size of Their Database Despite Dropping Claimed Size for 2021 by 35%

Last month we noted that a couple of WordPress news outlets had repeated what appear to be clearly false claims made by WordPress security provider Patchstack. It should go without saying that a security company that isn’t honest is a big deal. We have run across a further claim from Patchstack that disputes the previous claim they made, while still appearing to be false.

On November 5, the WP Tavern ran a story by Justin Tadlock that included this claim about the number of vulnerabilities in Patchstack’s database for this year: