Blog
-
WordPress.org Closed 83 WPFactory Plugins, Let’s Review
Last week WordPress.org closed 83 plugins from WPFactory. The closure caught their Algoritmika and WBW Plugins accounts too. Same parent company. There was a report on wp-content.co about a suspected…
-
The Great Security Reset of 2026
February 2026 started like any other month. Then the security alerts started flooding in. Sites that had been clean for years were suddenly compromised. Backdoors were showing up in places…
-
A Sold WordPress Plugin, a Hidden Update Channel, and 20,000 Backdoored Sites
I know you’ve heard this before; however, I’ve caught another plugin with a backdoor on wordpress.org. The plugin is Scroll To Top, slug scroll-top, with 20,000 active installs. The wordpress.org…
-
WordPress Plugin Hijacked in 2020 Hid a Dormant Backdoor for Years
Twelve sites in our fleet were running a tampered version 5.2.3 of Quick Page/Post Redirect Plugin. The file hash did not match anything on wordpress.org. The SVN log showed the plugin author committed the supply chain mechanism themselves.
-
GoDaddy Gave a Domain to a Stranger Without Any Documentation
What would you do if your organization had used a domain name for 27 years, and the registrar holding the domain seized it without any advance warning? All email and…
-
A Custom WordPress Theme from Scratch in 2026: An AI-Driven Workflow
I didn’t plan to rebuild my website. It started with a screenshot and an offhand comment to Claude Code: something feels off about anchor.host. That was March 21st. By the…
-
1,600 Emails in One Conversation: How I Triage My Inbox With Claude Code
I manage close to 3,000 WordPress sites. Every one of them generates email messages. Password changes. Registration alerts. Uptime monitors. Plugin mismatch warnings. Kinsta error notifications. WordPress recovery mode alerts.…
-
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into something malicious. It…
-
How CaptainCore Drift Uncovered a Nulled Plugin Ring
I manage around 3,000 WordPress sites. Paid plugins often get stuck on old versions. Bad license keys, expired subscriptions, broken updaters. I wanted a way to see which plugins were…
-
How I Caught a WordPress Plugin Supply Chain Attack
A routine security alert led to uncovering a WordPress plugin supply chain attack. The Widget Logic plugin had changed hands, and the new owner used version number manipulation to inject external JavaScript while preventing auto-updates from delivering the fix.