WP Briefing: Who Is WordPress?


In this episode, Josepha explores the five groups within the WordPress ecosystem and provides a high-level example of how they interact and support one another. As always, stay tuned for the small list of big things and a contributor highlight. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits: Editor: Dustin Hartzler; Logo: Beatriz Fialho; Production: Chloé Bringmann; Song: Fearless First by Kevin MacLeod. References: Get to know WordPress Teams; Five Steps of Volunteer Engagement; Community Highlight; WordCamp Centroamérica 2021 Online (Schedule); So you want to make block patterns? […]

Web Hosting Security in 2021 – Who’s Responsible Today?


Jim Walker Free Consultation by Phone We Fix Hacked Websites Fast (619) 479-6637. I’ve been reading a number of rather aggressively toned discussions against various web hosts in forums over the past few months. I would like to take a bit of your time today to address some of the statements made against shared hosting companies and their responsibilities in resolving WordPress-related malware issues. My background. In […]

Vulnerabilities Patched in WP Page Builder


On February 15, 2021, the Wordfence Threat Intelligence team began the responsible disclosure process for several vulnerabilities in WP Page Builder, a plugin installed on over 10,000 sites. These vulnerabilities allowed any logged-in user, including subscribers, to access the page builder’s editor and make changes to existing posts on the site by default. Additionally, any logged-in user could add malicious JavaScript to any post, potentially resulting in site takeover. We initially contacted Themeum, the plugin’s publisher, on February 15, 2021 and received a response that evening. We provided full disclosure the next day, on February 16, 2021. A patched version […]

How to Know If You Are Under DDoS Attack


Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website. In this article, we’ll focus on how to know if your website is under attack and how to protect it. Hopefully, we can help you handle DDoS attacks without having a full-blown meltdown. What is a DDoS Attack? Continue reading How to Know If You Are Under DDoS Attack at Sucuri Blog.

WordPress Vulnerability Report: April 2021, Part 1


New WordPress plugin and theme vulnerabilities were disclosed during the first week of April. This post provides a report of recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress themes. Each vulnerability includes information on which version you should be running, so be sure to update! Each vulnerability will also have a severity rating of Low, Medium, High, or Critical. The severity ratings are based on a Common Vulnerability Scoring System designed to help you […]

Announcing activity logs for Gravity Forms


Today we’re really excited to announce the new activity logs extension for Gravity Forms, which allows the plugin users to keep a log of what is happening in Gravity Forms. So, without wasting any more time, let’s dive right in. Activity logs for Gravity Forms Gravity Forms is one of the most popular form builder plugins for WordPress. You can create any kind of web form that you want, from a simple contact form to a more complicated one such as a payment form. When the Activity Log for Gravity Forms extension is installed alongside the WP Activity Log plugin, […]

The Month in WordPress: March 2021


“This way of iterating improves WordPress and ties back to one of my favorite open-source principles. The idea that with many eyes, all bugs are shallow. To me, that means that with enough people looking at a problem, someone is bound to be able to see the solution.” These words from Josepha Haden Chomphosy on the How WordPress Improves episode of the WP Briefing Podcast point to the factors that differentiate building software in an open-source environment. Our updates this month are closely tied to the philosophy behind those core principles of open source software. WordPress 5.7 released: WordPress version […]

Episode 111: PHP Git Repository Compromised


The self-hosted Git repository for PHP was compromised, with attackers adding a backdoor to a development version of PHP 8.1. The intrusion was detected by the PHP community quickly, and no production environments were affected. Ubiquiti experienced an intrusion in January that was far worse than originally reported; attackers gained access to nearly all of the AWS assets for the company, which has shipped 85 million IoT devices. Some OpenSSL vulnerabilities were recently patched, and two new vulnerabilities in Linux-based operating systems could let attackers circumvent Spectre mitigations to obtain sensitive information from kernel memory. Here are timestamps and links […]

PPMWP 2.4.0: New feature to block users with failed login attempts & other updates


Today we are happy to announce Password Policy Manager update 2.4.0. This exciting release features the much-anticipated new feature to block users who have failed login attempts, as well as other updates and improvements. Let’s dive right in to see what is new and improved in this latest update of our Password Policy Manager plugin for WordPress. Block users with multiple failed login attempts: By default, WordPress allows users to try to log in as many times as they want. This functionality is often exploited – attackers use easily available automated tools to launch dictionary attacks and guess your […]

The Importance of Website Backups


Today is World Backup Day. This date was created to remind people of the importance of having backups set up for everything that matters. I am pretty sure your website falls into the category of precious digital assets. Why are website backups important? Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no, all your files are deleted from the database. Continue reading The Importance of Website Backups at Sucuri Blog.