WordPress 5.8 Release Candidate 3

https://wordpress.org/news/2021/07/wordpress-5-8-release-candidate-3/

The third release candidate for WordPress 5.8 is now available! WordPress 5.8 is slated for release on July 20, 2021, and we need your help to get there—if you have not tried 5.8 yet, now is the time! You can test the WordPress 5.8 release candidate 3 in any of these three ways:

- Install and activate the WordPress Beta Tester plugin (select the Bleeding edge channel and then Beta/RC Only stream)
- Directly download the release candidate version (zip)
- Use WP-CLI to test: wp core update --version=5.8-RC3

Thank you to all of the contributors who tested the Beta/RC releases and gave feedback. […]

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

https://www.wordfence.com/blog/2021/07/common-wordpress-vulnerabilities-and-prevention-through-secure-coding-best-practices/

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins available outside of the repository, along with the thousands of themes that site owners can use to customize their WordPress site. With the vast assortment of plugins and themes, there are thousands of developers with unique backgrounds, coding styles, and preferences contributing to the WordPress ecosystem. The vast differences in developers’ styles […]

Magecart Swiper Uses Unorthodox Concatenation

http://feedproxy.google.com/~r/sucuri/blog/~3/tBEY85aW13A/magecart-swiper-uses-unorthodox-concatenation.html

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the black market. They remain an ever-growing threat to website owners. We’ve said many times on this blog that the attackers are constantly using new techniques to evade detection. In this post I will go over a case involving one such MageCart group.

A Hacked Magento Website

Some time ago a client of ours came to us with a heavily infected Magento e-commerce website from where credit card details were being […]

WordPress Vulnerability Report: July 2021, Part 1

https://ithemes.com/wordpress-vulnerability-report-july-7-2021/

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is an integral part of keeping the WordPress community safe. As one of the largest WordPress Vulnerability Reports to date, please share this post with your friends to help get the word out and make WordPress safer for everyone. In the July, […]

WordPress 5.8 Release Candidate 2

https://wordpress.org/news/2021/07/wordpress-5-8-release-candidate-2/

The second release candidate for WordPress 5.8 is now available! WordPress 5.8 is slated for release on July 20, 2021, and we need your help to get there—if you have not tried 5.8 yet, now is the time! You can test the WordPress 5.8 release candidate 2 in any of these three ways:

- Install and activate the WordPress Beta Tester plugin (select the Bleeding edge channel and then Beta/RC Only stream)
- Directly download the release candidate version (zip)
- Use WP-CLI to test: wp core update --version=5.8-RC2

Thank you to all of the contributors who tested the Beta/RC releases and gave feedback. […]

Website Security Stats You Should Know

https://ithemes.com/website-security-stats/

Is it important to know website security stats? Only if you don’t want to become one. Cybersecurity is at the forefront of issues that every company needs to pay attention to, especially if your website is critical to your business. Why? Every day, an average of 30,000 websites get hacked. This means every 39 seconds, a brand new cyberattack is occurring somewhere on the Internet. In fact, it’s really not a matter of if your site will become a target. It’s more a matter of when. To give you a clear idea on the current state of cyber threats in […]

WP Briefing: Episode 12: WordPress – In Person!

https://wordpress.org/news/2021/07/episode-12-wordpress-in-person/

In this episode, Josepha Haden Chomphosy talks about WordPress – In Person! The WordPress events that provide the dark matter of connection that helps sustain the open source project. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording.

Credits
- Editor: Dustin Hartzler
- Logo: Beatriz Fialho
- Production: Chloé Bringmann
- Song: Fearless First by Kevin MacLeod

References
- The tragedy of the commons
- WordPress 5.8 Release Candidate announcement

Transcript
Josepha Haden Chomphosy 00:11 Hello, everyone, and welcome to the WordPress Briefing, the podcast where you can catch quick explanations of the ideas behind […]

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

https://www.wordfence.com/blog/2021/07/episode-124-printnightmare-0day-exploit-accidentally-leaked-online/

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting an HTTPS-only feature in an upcoming version, and two bugs, one of which is a zero-day, are leading to attackers fighting over control of internet-connected Western Digital My Book Live devices. Here are timestamps and links in case you’d like to jump around, and a transcript is below.

0:15 Researchers accidentally […]

The Month in WordPress: June 2021

https://wordpress.org/news/2021/07/the-month-in-wordpress-june-2021/

Once you step into contribution time, your main concern is the users of WordPress, or new contributors, or the health of the WordPress ecosystem as a whole or the WordPress project. So you get all this subject matter expertise from competitive forces, collaborating in a very “us versus the problem” way. And when you do that, you’re always going to find a great solution. In the “WordCamp Europe 2021 in Review” episode of the WP Briefing podcast, Josepha Haden talks about the importance of collaboration, which is vital in building WordPress. This edition of The Month in WordPress covers exciting […]

Hardening PHP for WordPress

https://www.wpwhitesecurity.com/php-hardening-wordpress/

WordPress runs on PHP, which is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress.

Heads up – Be careful when making changes to your PHP settings. Incorrect settings and syntax may damage your website. Always test your changes in a development or staging environment before making changes in production.

Table of contents
- Use the latest PHP version
- Suppress the PHP version
- Remove any phpinfo() files
- Suppress PHP errors and warnings
- Restrict includes
- Disable remote […]