WordPress Core CVE-2026-63030: patch 7.0.1 and older branches now
Critical unauthenticated RCE (wp2shell) hits WordPress 7.0.0–7.0.1 and 6.9.0–6.9.4. What the CVEs mean, which versions are fixed, and what SMBs should do today.
9 articles
Critical unauthenticated RCE (wp2shell) hits WordPress 7.0.0–7.0.1 and 6.9.0–6.9.4. What the CVEs mean, which versions are fixed, and what SMBs should do today.
A straight take on leaving on-prem or cPanel mail for Microsoft 365 / Google Workspace, and the few cases where self-hosting still makes sense.
You cannot patch what you forgot existed. A quick method to find shadow WordPress and forgotten subdomains.
Bot leads waste sales time and can hide phishing callbacks.
Auto-renew usually works until it does not. A lightweight checklist so HTTPS does not expire on a holiday.
How small business sites get owned, and a maintenance rhythm that prevents most of it.
Registrar default DNS is fine until you need fast changes, DNSSEC, or failover. What to evaluate.
Old TLS versions linger in niche payment and LOB software. Plan the break.
A practical shortlist of WordPress plugins for security, Google insights, SEO, legal pages, and caching: what each one does and when Premium is worth it.