CRA compliance guides and regulatory analysis for WordPress developers.
Five years of mandatory security patching. What that means for solo developers, how to price for sustainability, and what happens at end of life.
Read more →What to include in your VDP, where to publish it, how it connects to security.txt, safe harbour clauses, and working alongside Patchstack.
Read more →Field-by-field guide to the CRA Declaration of Conformity. What Annex V requires, self-assessment vs third-party, CE marking for software, and common mistakes.
Read more →The CRA exempts non-commercial open source, but the line is narrower than you think. Freemium, donations, sponsored development, and WordPress-specific grey areas.
Read more →What triggers the 24-hour CRA reporting clock, the three-stage notification timeline, how the ENISA Single Reporting Platform works, and real WordPress scenarios.
Read more →Everything you need to know about complying with the EU Cyber Resilience Act before the September 2026 deadline. Step-by-step roadmap for WordPress plugin and theme developers.
Read more →The key test for CRA scope, the commercial vs open-source distinction, grey areas around freemium models, and how to determine your obligations.
Read more →Both are EU regulations, but they address entirely different concerns. Here is how they differ, where they overlap, and what it means for your plugin.
Read more →What a Software Bill of Materials is, why the CRA requires it, the CycloneDX format, and how to generate one for your WordPress plugin.
Read more →