This is the final episode of the Patchstack Weekly podcast. All things come to an end - so it's only fitting to dedicate the last episode to software end-of-life, and how developers and website owners should handle sunsetting their projects.

We also want to thank our host, Robert, for sharing lessons on WordPress security (and beyond) over these past 68 episodes!

Forking is a fundamental part of open-source software - it offers anyone the opportunity to lead an existing project in a new direction. But forking also means that the owners of the new fork are taking over the responsibility for the security of their new project.

This week's knowledge share is about a rare but serious security bug that can be found in any PHP application. Luckily it is easy to avoid, and WordPress has a built-in function that developers can utilize to help secure against it.

Closed-source software has one vulnerability open-source software will never face - source code leaks. This episode is all about embracing people who review open-source software, and consequently make it safer.

We'll also cover the recent Elementor Pro vulnerability that is, unfortunately, being actively exploited by attackers.

When you see a security fix available for your website, you should of course update the affected component. But should you drop everything and apply the update immediately? Or can you at least finish your coffee first? Or is it OK to deal with it when you get a break? That depends on the bug.

Also in this episode, we'll cover the recent critical WooCommerce security bug which was, luckily, fixed with a rare forced update by the WordPress team.

Abandoned plugins with security bugs in them are a silent risk for WordPress site owners - but there's an easy way to spot plugins that have been out of date for a while straight from your WordPress admin page. This episode is a quick tutorial on that!

We've just released our annual State of WordPress Security report, chock full of security stats and trends from the WordPress ecosystem.

Last year we saw 328% more reported security bugs added to our vulnerability database compared to 2021. This is actually a positive sign of the ecosystem becoming more secure, as more bugs are being caught (and patched). On the downside, the trend of critical vulnerabilities being left unpatched persists.

This week's knowledge share is an introduction to headless CMS's and WordPress. Robert will dive into what a headless CMS is, how WordPress can be used as one, and the security concerns that go along with it.

A static website is basically just some HTML files sitting on a server. It's very fast, cheap and secure - and it's rare to have all three.

This week's episode is all about the benefits of static sites, and when should you consider using them.

Regular software updates are essential for security - but they are not enough. Even if you make it a habit to regularly update your WordPress components or use auto-updates, sometimes developers won't release security updates. In fact in 2022, a quarter of critical vulnerabilities found in WordPress plugins did not receive a fix.

This is where "virtual patching" comes in - tune in to learn more about this handy extra security layer.