22 Mar 2019

Does Wordfence Threat Analyst Really Not Know About All The Vulnerable Plugins Still in The WordPress Plugin Directory?

When it comes to trying to improve the security surrounding WordPress, two of the big problems are inaccurate information being spread by security companies and inaccurate information being spread by journalists, and often the two are combined. As an example of that, an article popped up the other day in the Google News alert we have set to keep track of coverage of plugin vulnerabilities (which we previously mentioned in the context of another inaccurate claim, that 90 percent of websites hacked last year were running WordPress). Part of that article, which quotes someone from the company behind the most popular WordPress security plugin, Wordfence Security, is as follows:

All new plugins are checked by WordPress before being added to the public repository, but the same doesn’t apply to updates.