For an example of the current security climate online that PSA lives in…here’s the latest part of an ongoing series explaining how one bad actor, in particular, managed to insert malicious spamming code into various plugins for WordPress.org sites. Of course, he is not the only miscreant doing, or attempting, similar things.
PSA doesn’t have any of the plugins noted in this list, but we did have a bad plugin with malicious spamming code inserted into our website in the spring of 2017 that has been fully removed, WordFence security prevention steps are in place now at PSA and have worked flawlessly to date to prevent added bad code to our PSA site. But of course, new hacking exploits are developed regularly, and we rely on WordFence to keep up to date on new threats.
This portion of a multipart report gives a heads up for some future problems that could occur and demonstrates how valuable a service WordFence has come to be for WordPress.org websites.