A Teachable Moment for Clients on Website Security
Last week, researchers uncovered a staggering 16 billion stolen credentials floating around the dark web. Though there was some question originally, Bleeping Computer reports that this latest find is not the result of a new catastrophic breach, but rather an accumulation of leaked data collected over the years.
But the reality is that many of these credentials still probably work.
For agencies, this isn’t just another headline; it’s an excellent opportunity to have a conversation with our clients about security. Most small businesses still don’t use two-factor authentication consistently. Some reuse passwords across platforms. And in many cases, credentials are stored in shared spreadsheets or email threads with little thought to the risk.
Our clients are the weakest link in WordPress security. It’s why Kathy Zant and I created MonsterSecure last year as a tool for agencies to educate our clients on good security practices.
But it’s not just small businesses that have these issues; large companies have problems too. Insurance giant Aflac disclosed a breach last week where attackers likely gained access through social engineering, posing as support personnel to trick employees into handing over access. It’s a reminder that many attacks don’t start with code; they start with trust.
Big security headlines like these are also the perfect excuse to remind our clients why our website care plans are so important. Not only do we keep their sites up to date, we’re also there if things go wrong. When a client gets a suspicious email, we want to be the first call they make. Our work is not just about fixing problems; it’s about helping our clients understand how to avoid them in the first place.
First They Took Your Password, Now They Want Your Eyeballs
- While on the subject of web security… Reddit is in talks with Worldcoin, OpenAI CEO Sam Altman’s identity-verification startup, to possibly use its iris-scanning Orb for user verification.
- Worldcoin’s Orb is a metallic sphere that scans irises and links the data to a unique cryptographic ID, not personal information, according to Worldcoin.
- A Reddit spokesperson emphasized they’re exploring technologies to help authenticate users without collecting unnecessary data.
- If adopted, the Orb could allow Reddit to offer “verified human” badges or tiered access to certain communities.
Preparing Client Sites for WooCommerce 10
- WooCommerce 10.0 is coming on July 7, with some significant updates, but no breaking changes.
- Accessibility is a big priority in this release. WooCommerce will be fully WCAG 2.2 AA compliant and “substantially conformant” to AAA as long as you’re using an accessibility-ready theme.
- You can now create sharable checkout URLs that automatically add products and bundles to the cart.
- The CSV importer now supports HTML content while maintaining security standards to help prevent harmful imports.
- A number of other improvements have been made to the cart block, checkout block, and coupon handling.
- Developers can test code now using the WooCommerce Beta Tester plugin.
Worth a Look
- SkipDNS will let you preview sites on a new server before you update your DNS. Amazing tool!
- Gravity Forms is ending support for legacy markup (ready classes) as of version 3.1, expected sometime around late summer. If you use Gravity Forms, there are specific steps you need to take to prepare.
- Slash Edit is a new plugin from Ronald Huereca that lets logged-in users edit a page by adding /edit to the end of its URL. Handy.
- Applebee’s and IHOP are planning to introduce AI in their restaurants. I wonder what their chicken fingers will look like…

