Podcast Episode 40: WordPress Considers Ditching Signed Core Updates

This entry was posted in Podcasts on August 20, 2019 by Kathy Zant

A recent discussion among WordPress core developers about removing support for code signing in core caught our attention. Code signing support was included with the WordPress 5.2 release. The discussion centers on removing code signing and implementing SSL verification and hashes to verify code integrity instead. In this week’s episode we chat about the history behind the vulnerability found by Wordfence’s Matt Barry, which motivated the addition of code signing to WordPress core. We review several high-profile supply chain attacks and discuss how SSL and hashes would not protect against a sophisticated attack on WordPress core servers.

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Some sources we reference in this week’s episode include:

You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.

Do you have thoughts about WordPress core update code signing? Please feel free to post your feedback in the comments below.
