ICYMI: Joomla 6.1 has a built-in POW captcha. Here is how to turn it on across one site or thirty: mysites.guru/blog/how-to-...
Posts by Manage Multiple WordPress and Joomla Sites easily!
Six AJAX-authorization CVEs in eight weeks across Joomla and WordPress extensions. Same pattern every time: a developer added CSRF protection and thought that covered access control. More are coming.
mysites.guru/blog/acymail...
ICYMI: Joomla 6.1 is out. Visual workflow editor, built-in POW captcha, media fields for audio/video. Here's the short list: mysites.guru/blog/joomla-...
ICYMI: New on mySites.guru: Accountant Portal. Your bookkeeper gets a login that opens on invoices and 403s on everything else. Free on every paid plan: mysites.guru/blog/account...
WordPress plugin security has three funded CNAs scanning every release. Joomla has a volunteer VEL list. That gap is why AcyMailing CVE-2026-3614 only got a WordPress advisory.
mysites.guru/blog/acymail...
Site hacked or broken? Phil fixes WordPress, Joomla, and server problems same-day for £120 flat. No hourly billing. No charge if he can't help.
fix.mysites.guru?utm_source=b...
New on mySites.guru: Accountant Portal. Your bookkeeper gets a login that opens on invoices and 403s on everything else. Free on every paid plan: mysites.guru/blog/account...
Yet again, a dual WP/Joomla plugin gets a WordPress-only CVE. AcyMailing 9.11.0-10.8.1 is affected on Joomla too. The vulnerable code is in shared files. Update to 10.8.2.
mysites.guru/blog/acymail...
ICYMI: Joomla 6.1 adds version history to modules. Articles got this in 2013. Modules 2026. Here's how to turn it on across every site you manage: mysites.guru/blog/joomla-...
Joomla's compat plugin is a crutch, not a fix. Each one gets removed in the next major version. If your extensions still depend on it, they'll crash on upgrade. Here's how to find out. mysites.guru/blog/joomla-...
Joomla 6.1 has a built-in POW captcha. Here is how to turn it on across one site or thirty: mysites.guru/blog/how-to-...
Joomla 6.1 adds version history to modules. Articles got this in 2013. Modules 2026. Here's how to turn it on across every site you manage: mysites.guru/blog/joomla-...
Joomla's com_ajax didn't require a login in the admin area for 13 years. The 5.4.4 fix is good but also an undisclosed B/C break. And the official AJAX docs still teach the insecure pattern.
mysites.guru/blog/ajax-en...
Joomla 6.1 is out. Visual workflow editor, built-in POW captcha, media fields for audio/video. Here's the short list: mysites.guru/blog/joomla-...
CVE-2026-0740 mechanism:
Plugin validates source filename (good). Doesn't sanitise destination filename (bad). Upload a .jpg, POST destination as shell.php, plugin writes it. RCE.
~50,000 sites.
mysites.guru/blog/ninja-f...
CVE-2026-0740 mechanism:
Plugin checks source filename (good). Plugin doesn't sanitize destination filename (bad). Attacker uploads a .jpg, then POSTs the destination as shell.php. Plugin writes it. RCE.
~50,000 WordPress sites affected.
mysites.guru/blog/ninja-f...
ICYMI: You can now sort your sites/available updates by using your tags in the mySites.guru mass update tool
ICYMI: CVE-2026-21627 (CVSS 9.5) in the Novarain Framework for Joomla. Unauthenticated file inclusion and SQL injection. Public exploit on GitHub.
Most admins don't know it's installed. Update to 6.0.38+.
mysites.guru/blog/novarai...
WordPress 7.0 shipped. Sites on PHP < 7.4 or MySQL < 8.0 are stuck on 6.9.
Check which sites are affected.
mysites.guru/blog/wordpre...
ICYMI: WordPress ships a Sample Page and Hello World post on every install. Google indexes them. mySites.guru spots and removes them in one click. mysites.guru/blog/remove-...
ICYMI: Someone bought 30 WordPress plugins and backdoored them. Dormant 8 months, activated last week. WP.org doesn't vet plugin buyers.
mysites.guru/blog/essenti...
ICYMI: 4 WP plugins on 29M+ sites patched security flaws in March. Two need no login to exploit.
Full CVE breakdown:
mysites.guru/blog/four-wo...
ICYMI: Redesigned the auto-login flow in mySites.guru. Cleaner UI, progress feedback, and a secure connection indicator.
One click. No passwords.
mysites.guru/blog/one-cli...
ICYMI: Critical auth bypass in Astroid Framework for Joomla (CVE-2026-21628, CVSS 10.0). Attackers upload backdoors without logging in. Update to 3.3.13. mysites.guru/blog/astroid...
Someone bought 30 WordPress plugins and backdoored all of them. It sat dormant for 8 months before going live last week. WordPress.org checks the seller wants to sell, but doesn't vet the buyer.
mysites.guru/blog/essenti...
ICYMI: How to find and disable the Guided Tours plugin on your Joomla sites. mysites.guru/blog/how-to-...
ICYMI: WordPress auto-updates can break sites overnight. Disable them across all your sites from one dashboard - no SSH, no wp-config edits. mysites.guru/blog/stop-au...
ICYMI: WordPress admin bar showing on the frontend? Disable it across all your sites from one dashboard. mysites.guru/blog/disable...