Security

Website security, SSL, DDoS protection, malware prevention, and hosting security best practices.

13 articles

Security

13 articles

Security 15 May 2026

Avada Builder Just Patched a 1M-Site SQL Injection. The WooCommerce Deactivated Trap Is the Buried Lead.

Wordfence disclosed CVE-2026-4798 in Avada Builder this week, affecting over 1,050,000 WordPress installations. The headline is patch to 3.15.3. The buried lead almost nobody covered is the WooCommerce-installed-then-deactivated precondition that turns the SQL injection from a "1M sites at risk" panic into a much narrower exploit window. We have held Avada licences for years and patched our portfolio first. Here is what actually matters.

7 min read Read

Security 17 Mar 2026

How to Check Your WordPress Site's Security in 30 Seconds

Your WordPress site is being probed by bots right now. Our free scanner checks eight things attackers look for, grades your site A+ to F, and tells you how to fix every issue. No plugin, no signup, 30 seconds.

10 min read Read

Security 12 Mar 2026

WordPress Ships Three Security Patches in 24 Hours as Exploits Hit the Wild

WordPress released versions 6.9.2, 6.9.3, and 6.9.4 in a single day after discovering that initial security fixes were incomplete. Four vulnerabilities, including a critical PclZip path traversal flaw, are already being exploited. If you manage your own WordPress updates, this is your wake-up call.

6 min read Read

Security 4 Mar 2026

Cloudflare's 2026 Threat Report: Bots Make 94% of Login Attempts as DDoS Attacks Double

Cloudflare's 2026 State of Application Security report reveals that 94% of all login attempts are bots, 46% of human logins use compromised credentials, and DDoS attacks doubled to 47.1 million in 2025. Here's what UK businesses need to do right now.

7 min read Read

Security 2 Mar 2026

SSL Certificate Validity Is Now 200 Days: What UK Businesses Need to Know

SSL/TLS certificates have been capped at 200 days since 15 March 2026. DigiCert moved first with a 199-day limit. The browser ecosystem transitioned without a major incident. Here's what actually happened, and what UK businesses still managing their own certificates should do before the 100-day cap lands in 2027.

8 min read Read

Security 28 Feb 2026

The 7-Step WordPress Security & GDPR Checklist for UK Small Businesses

43% of UK businesses reported a cyber breach last year. If your WordPress site has a contact form, analytics, or customer logins, security and GDPR overlap. This seven-step checklist covers SSL, two-factor authentication, safe updates, daily backups, user permissions, GDPR compliance, and security monitoring.

8 min read Read

Security 23 Feb 2026

Why No Padlock? How to Find and Fix Mixed Content on Your Website

One HTTP image on an HTTPS page is all it takes to kill your padlock icon and trigger browser warnings. Our free mixed content scanner checks your pages in seconds, grades your SSL setup A to F, and shows you exactly which resources need fixing.

8 min read Read

Security 23 Feb 2026

HTTP Header Inspector: Check Your Site's Security Headers for Free

Your SSL padlock doesn't protect against clickjacking, XSS, or downgrade attacks. Security headers do. Our free HTTP Header Inspector grades your headers A to F, traces redirect chains, and flags server version leaks. Here's what to check and how to fix it.

8 min read Read

Security 7 Jan 2026

AI Crawlers Violate robots.txt on 72% of UK Sites, Cloudflare Data Shows

Cloudflare's new robots.txt compliance tracker reveals which AI crawlers respect your rules and which ignore them. Testing across 47 UK business sites: 72% had violations. Sites with AI discovery files saw 43% fewer.

8 min read Read

Security 12 Dec 2025

170 WordPress Vulnerabilities in One Week, 91 With No Patch

SolidWP disclosed 170 WordPress vulnerabilities on 10 December 2025. Four were critical RCE and file upload flaws affecting 2.3 million sites. Ninety-one had no patch. Here's what to update, what to deactivate, and how to build long-term resilience.

8 min read Read

Security 10 Dec 2025

131,000 Attacks Target WordPress Sites via Sneeit RCE Flaw

A critical remote code execution flaw in the Sneeit Framework WordPress plugin (CVE-2025-6389, CVSS 9.8) has triggered 131,000+ attack attempts. Attackers are creating admin accounts and uploading backdoors. Here's how to check if you're compromised and what to do right now.

8 min read Read

Security 5 Dec 2025

4 Critical WordPress Plugin Vulnerabilities Under Active Attack (December 2025)

Four WordPress plugins with critical CVSS 9.0+ vulnerabilities were under active exploitation in December 2025. All required zero authentication to exploit. Here's what to check and how to protect your site.

8 min read Read

Back to all articles