31 Aug 2023

WordPress for Enterprise Guide Provides Highly Misleading View of WordPress Security

The news outlet (barely disclosed to be owned by the head of WordPress) the WP Tavern on Tuesday covered a guide for promoting WordPress to enterprises, which they described as “a useful resource for large organizations examining WordPress as a platform or for small agencies looking to pitch WordPress to larger clients”. They also described that as coming from a “collection of leading WordPress agencies” that “have launched a collaborative project to promote the platform to large-scale organizations”. Those agencies are “Big Bite, in partnership with 10up, Alley, Human Made, Inpsyde, and XWP”. We reviewed the section on security and found it to be littered with misleading, at best, information. But it does point to areas where agencies could help to get WordPress more secure.

(The guide also includes contributions from WordPress VIP, which is part of the head of WordPress’ company Automattic, but no disclosure was made of his role in both that and the WP Tavern.) [Read more]

21 Apr 2023

XWP Sponsors Major Cause of Avoidable Insecurity of WordPress Plugins While Leaving Vulnerabilities in Their Own Plugin

It would be easy to make significant improvements to the security of WordPress plugins available through the WordPress Plugin Directory, but year after year that hasn’t happened. A lot of the blame for that can be placed on major players in the WordPress space that are funding the current team running the plugin directory, who have blocked improvements from happening.

Two of the four members of the plugin directory team work directly for the head of WordPress, Matt Mullenweg. He also has a for-profit company, Automattic, which creates many conflicts of interest. One serious conflict of interest is that his company sells access to data on vulnerabilities in plugins through WPScan, while the plugin directory team has refused to provide that information. What makes the conflicts of interest stand out more is that the team obfuscates the connection between their members and Automattic. [Read more]