Weekly Roundup: June 22, 2026 – June 28, 2026

This week brought a sobering reminder that WordPress security isn’t just about keeping your site updated—it’s about staying one step ahead of attackers who are getting smarter, faster, and more persistent. We also saw some helpful guidance on performance, updates, and platform comparisons. Let’s break down what happened.

Security Takes Center Stage

The biggest story of the week was easily the international takedown of the SocGholish malware operation, which resulted in nearly 15,000 compromised WordPress sites getting cleaned up. This wasn’t some small-time operation—law enforcement agencies coordinated across multiple countries to dismantle a cybercrime network that’d been quietly infecting businesses for years. If you’re running a WordPress site and wondering whether security should be a priority, this is your answer.

But the security news didn’t stop there. A critical vulnerability in the Gravity SMTP plugin triggered a staggering 17 million exploit attempts, exposing email credentials on over 100,000 sites. The flaw leaked live API keys, which is basically handing attackers the keys to your email infrastructure. If you’re using Gravity SMTP, you’ll want to make sure you’re running the latest patched version immediately.

Keeping Your Site Updated and Optimized

Speaking of updates, we published a comprehensive guide on how to update WordPress using four different methods. Whether you’re comfortable clicking buttons in the dashboard or prefer command-line control with WP-CLI, keeping your site current isn’t optional anymore—it’s your first line of defense against the exact vulnerabilities that made this week’s security news so dramatic.

On the performance side, we broke down Core Web Vitals and how to actually improve them. Google’s ranking algorithm cares about loading speed, responsiveness, and visual stability, and these metrics aren’t just theoretical—they directly impact whether your site shows up in search results. The good news? There are concrete steps you can take to measure and fix these issues.

Platform Comparisons and Specialized Hosting

We also tackled the eternal question: WordPress vs Webflow in 2026. WordPress still dominates with 42.6% of all websites, and it costs exactly zero dollars to start. Webflow, on the other hand, passes Core Web Vitals 58% of the time, which is nothing to sneeze at. The right choice really depends on your technical comfort level and what you’re trying to build.

And if you’re running AI-powered tools or web builders, regular hosting might not cut it anymore. Our review of the best AI hosting providers for 2026 shows that AI applications have different infrastructure needs—more resources, better performance, and specialized configurations that standard WordPress hosting simply wasn’t designed for.

What to Watch Next Week

As we head into the final week of June, keep an eye on any follow-up developments from the SocGholish takedown—there’s usually more to these stories than the initial headlines suggest. And with attack volumes like what we saw with Gravity SMTP, it’s worth monitoring whether we’ll see similar vulnerability disclosures in other popular plugins. Security researchers are clearly paying attention, and attackers are moving faster than ever. Stay updated, stay vigilant, and we’ll keep you posted on what matters most.