WordPress Vulnerability Report: June 2021, Part 2


Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone. In the June, Part 2 Report Sign up for the weekly WordPress Security […]

Introducing the new WP Activity Log video series


Today, we’re excited to launch our new WP Activity Log short video series. Its main focus is to provide step-by-step video tutorials and insights about the WordPress activity log by highlighting the features of the plugin and how to use them based on your needs. In this series, we’ll cover topics ranging from how to keep a log of changes on some of the most popular used WordPress plugins, to third party integrations with log management systems. You’ll also learn about the plugins’ features and all the different settings you can tweak in order to improve security and user management […]

WordPress 5.8 Beta 1


WordPress 5.8 Beta 1 is now available for testing! This software is still in development, so it is not recommended to run this version on a production site. Instead, we recommend that you run this on a test site to play with the new version. You can test the WordPress 5.8 Beta 1 in two ways: Install and activate the WordPress Beta Tester plugin (select the “Bleeding edge” channel and “Beta/RC Only” stream). Direct download the beta version here (zip). The current target for the final release is July 20, 2021. This is just six weeks away, so your help is vital to ensure this […]

WP Briefing: Episode 10: Finding the Good In Disagreement


To agree, disagree, and everything in between. In this episode, Josepha talks about forming opinions and decision-making in the WordPress project. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless First by Kevin MacLeod References 10/10/10 Rule The Eisenhower Matrix The Maximin Strategy WordCamp Europe WordCamp Japan WordPress 5.8 Development Cycle Transcript Josepha Haden Chomphosy 00:10 Hello, everyone, and welcome to the WordPress Briefing, the podcast where you can catch quick explanations of some of the ideas behind the […]

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings


A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-a-service operation. A critical zero-day vulnerability was discovered by the Wordfence site cleaning team in the Fancy Product Manager plugin, used by 17,000 WordPress sites. Amazon devices will soon automatically share your Internet with neighbors, unless you opt out by June 8. Google PPC ads are serving up malicious content targeting searches for AnyDesk, Dropbox […]

WordPress Redirect Hack via Test0.com/Default7.com


Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). Types of Malicious Redirects There are two major types of malicious redirects: server-side redirects and client-side redirects. Server-side redirects take place before a visitor even loads a page. The most common techniques used by server-side redirect hacks are “rewrite” rules in Apache .htaccess files or PHP code injected into legitimate files. […]

A New Design is Coming to WordPress News


After many years of a tidy, white-space filled design on WordPress.org/news it’s time to bring new life to the way we present our content. So much has changed since this site was first created: the people who read it, the type and variety of what is published, even the way WordPress works has changed. Which means it makes sense to change our theme. Earlier this year, Matt requested a new design from Beatriz Fialho (who also created the State of the Word slides for 2020). The design keeps a clean, white-space friendly format while incorporating a more jazzy, playful feeling […]

WordPress Brute-Force Attack and How to Prevent It


If you are concerned about your WordPress website getting bombarded with brute-force attack attempts, your concern is well-placed. Brute-force attacks are currently one of the most common forms of hacking. According to the Data Breach Investigations Report in 2020 by Verizon, the brute-force method was involved in over 80% of the attacks in one way or another. In a WordPress brute-force attack, hackers utilize the trial-and-error method to break into the security system of your website. Once they are in, they can take over the entire execution and data of your website. They can use your WordPress […]

WordPress XML-RPC Exploit: Everything You Need to Know


If you are here searching for ways to disable XML-RPC to secure your website from a WordPress XML-RPC exploit, you are in the right place. But before that, you need to know the answers to these questions. What is XML-RPC.php? How can an XML-RPC exploit put your website at risk? Is disabling XML-RPC going to solve everything? What can be the alternative to disabling the XML-RPC feature? Through this article, we will try to give answers to all these questions and a lot more. What is XML-RPC? WordPress XML-RPC is an API (application program interface) that enables the transfer of […]

Monthly WordPress Security Roundup [May 2021]


Hello everyone, it’s Kanishk again from Astra Security, bringing you the latest in WordPress security with another version of our Monthly WordPress Security Roundup for May 2021. Through this article, we will be discussing the vulnerability disclosures & bug fixes in the WP core, database, plugins and themes, and some other security issues related to the WordPress CMS platform. So, let’s get started! In May 2021, WordPress fixed a medium severity vulnerability named Object Injection in PHPMailer that impacted sites running on WordPress versions between v3.7 and v5.7. The vulnerability is fixed in the latest version WordPress 5.7.2 that was released […]