Blog

A Sold WordPress Plugin, a Hidden Update Channel, and 20,000 Backdoored Sites

I know you’ve heard this before however I’ve caught another plugin with a backdoor on wordpress.org. The plugin is Scroll To Top, slug scroll-top, with 20,000 active installs. The wordpress.org…

WordPress Plugin Hijacked in 2020 Hid a Dormant Backdoor for Years

Twelve sites in our fleet were running a tampered version 5.2.3 of Quick Page/Post Redirect Plugin. The file hash did not match anything on wordpress.org. The SVN log showed the plugin author committed the supply chain mechanism themselves.

GoDaddy Gave a Domain to a Stranger Without Any Documentation

What would you do if your organization had used a domain name for 27 years, and the registrar holding the domain seized it without any advance warning? All email and…

A Custom WordPress Theme from Scratch in 2026: An AI-Driven Workflow

I didn’t plan to rebuild my website. It started with a screenshot and an offhand comment to Claude Code: something feels off about anchor.host. That was March 21st. By the…

1,600 Emails in One Conversation: How I Triage My Inbox With Claude Code

I manage close to 3,000 WordPress sites. Every one of them generates email messages. Password changes. Registration alerts. Uptime monitors. Plugin mismatch warnings. Kinsta error notifications. WordPress recovery mode alerts.…

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into something malicious. It…

How CaptainCore Drift Uncovered a Nulled Plugin Ring

I manage around 3,000 WordPress sites. Paid plugins often get stuck on old versions. Bad license keys, expired subscriptions, broken updaters. I wanted a way to see which plugins were…