Four threat actors probed our new server within hours of launch. Here’s exactly what they were looking for and why vibe-coded apps are handing it to them. By Tom Raef, Founder, We Watch Your Website May 25, 2026 We launched a new server this week. Not a WordPress site. A code analysis server, the infrastructure…
By Tom Raef, Founder — We Watch Your Website There’s a moment in every security researcher’s career when something stops being theoretical and becomes undeniably real. For me, that moment came about halfway through this project, when I realized that every single platform we tested — without exception — was telling its users their app…
Security Advisory | We Watch Your Website The calls started coming in before the coffee cooled. A WordPress site owner — developer by trade, not by security background — had used an AI assistant to build a custom plugin over a weekend. It handled contact form submissions, wrote data to a database, and passed a few…
There are new broad PCI DSS 4.0 compliance requirements that apply to eCommerce websites. The new requirements add a Level 4 which applies to small eCommerce websites handling less than 20,000 transactions per year. These websites did not previously have to complete requirements for PCI DSS version 3. The deadline for compliance with these is…
Many people have received notifications from their cloud server provider indicating their server’s IP address has been reported as attacking other websites. We Watch Your Website’s services have been used frequently to investigate these claims. The following is a recent one that is very interesting. We Watch Your Website has just completed another investigation of…
Introduction WordPress Security is full of myths that have no basis in reality or data. A particularly pervasive one is the unsubstantiated claim that “95% of WordPress hacks are due to outdated plugins or themes.“ If that’s the case, then during times of no current zero-day exploits, or the lack of major vulnerable plugins and…