WP 2FA 1.6.0: New users’ 2FA status column & customizable redirects after 2FA setup

https://www.wpwhitesecurity.com/wp-2fa-1-6-0/

It has been almost four months since we released the last update of the WP 2FA plugin. So naturally, today we are very excited to announce WP 2FA 1.6.0. Since the plugin is now used by more than 15,000 users, we are getting a lot of useful feedback. Because of the feedback, this update comes with a decent number of highly requested new features and performance improvements. Thanks a lot for all the feedback and make sure to keep it coming! So without wasting any more time, let’s dive right in to see what’s new and improved in this update […]

WordPress 5.7.2 Security Release

https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/

WordPress 5.7.2 is now available. This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8. You can update to WordPress 5.7.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now. If you have sites that support automatic background updates, they’ve already started the update process. Security Updates: One security issue affecting WordPress versions between 3.7 and 5.7. If you […]

WordPress Vulnerability Report: May 2021, Part 2

https://ithemes.com/wordpress-vulnerability-report-may-2021-part-2/

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability includes a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone! In the May, Part 2 Report: WordPress Core Vulnerabilities. No new WordPress core vulnerabilities have been disclosed this […]

Welcome to Openverse

https://wordpress.org/news/2021/05/welcome-to-openverse/

Following the recent statement by WordPress’s co-founder Matt Mullenweg and the Creative Commons CEO, Catherine Stihler’s post, I’m happy to formally announce that CC Search is now part of the WordPress open source project, newly coined Openverse. Both Matt and I are long-time supporters of Creative Commons. I hope that this will provide a long-term, sustainable challenger to closed source photo libraries and further enhance the WordPress ecosystem. How Does This Affect Current Users? Current CC Search users will continue searching and using openly licensed images from around the internet. WordPress plans to continue the great work started by the […]

How to keep a log of Yoast SEO changes on your website

https://wpactivitylog.com/keep-log-yoast-seo-changes/

Most site owners are well-aware of the impact of both good and bad Search Engine Optimization (SEO). As such, monitoring how SEO affects your site is vital. In fact, there’s a simple way to keep a log of Yoast SEO changes across your entire site. We develop an activity log extension with which you can keep a log of WordPress’ SEO changes related to Yoast SEO. This means you can track how the plugin is being used or who changed the settings, direct from your WordPress dashboard. In this post, we’re going to look at how to keep a log […]

Episode 116: Packagist Patch Shows How Supply Chain Threats Could Impact WordPress

https://www.wordfence.com/blog/2021/05/episode-116-packagist-patch-shows-how-supply-chain-threats-could-impact-wordpress/

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over 100k sites. Vulnerabilities were discovered in Exim mail server, including 3 RCE vulnerabilities. We’re seeing some of the first trickle-down attacks from the Codecov supply chain attack, first from HashiCorp and then from Twilio. Apple releases iOS 14.5.1 to patch vulnerabilities in WebKit that are […]

WordPress Security Updates: April 2021

https://pagely.com/blog/wordpress-security-updates-april-2021/

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […]

WordPress Vulnerability Report: May 2021, Part 1

https://ithemes.com/wordpress-vulnerability-report-may-2021-part-1/

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. Please share this post with your friends to help get the word out and make WordPress safer for everyone. In the May, Part 1 Report: WordPress Core Vulnerabilities. No new WordPress core vulnerabilities have been disclosed […]

SQL Injection: A Guide for WordPress Users

https://ithemes.com/sql-injection-wordpress/

If you’re serious about your website’s security, then it’s time to learn about the dangers of SQL injections and how you can combat them. The term SQL injection (also called SQLi) refers to a type of cyberattack technique that is a common way for hackers to compromise websites of all kinds, including sites that run WordPress as their content management system. In this guide, we’ll explain in detail what an SQL injection attack looks like, and the exact steps you need to take to avoid one. Let’s take a look. You’ll learn all about how these attacks work, why they’re […]

The Month in WordPress: April 2021

https://wordpress.org/news/2021/05/the-month-in-wordpress-april-2021/

“As WordPress grows, both in usage as a CMS and in participation as a community, it’s important for us to shed the idea that software creation is only about what literally can be done to code or what literally can be done to core or what literally can be done to the CMS.” That was Josepha Haden Chomphosy on the “Your Opinion is Our Opportunity” episode of the WP Briefing Podcast, speaking about the importance of co-development and testing for the continued growth and maintenance of WordPress. This month’s updates align closely with these ideas. Read on and see for […]