Introducing 5.8 “Tatum”, our latest and greatest release now available for download or update in your dashboard. Named in honor of Art Tatum, the legendary Jazz pianist. His formidable technique and willingness to push boundaries inspired musicians and...
Today we are happy to announce update 1.7.0 of the WP 2FA plugin. It has already been one year and three months since we launched the plugin, and since then, we’ve learned a lot about how the plugin is used and how it should work to best serve our users’ needs. In...
In this episode, Josepha Haden Chomphosy discusses the importance of Diversity, Equity, and Inclusion to the fabric of the WordPress project and how we can move from a place of welcoming it to cherishing it. Have a question you’d like answered? You can submit them to...
An unauthenticated SQL Injection vulnerability affecting versions of WooCommerce on more than 5 million websites on the Internet has been disclosed to the public by Automattic.Due to the nature of the vulnerability, the WooCommerce team is rolling out compulsory...
This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that...
Update: The article originally credited Tommy DeVoss (dawgyg) for the discovery. We’ve since been contacted by Tommy, who let us know that the credit should go to another researcher, Josh from DOS (Development Operations Security)On July 14, 2021, WooCommerce released...
WooCommerce has patched an unspecified, critical vulnerability identified on July 13, 2021, by a security researcher through Automattic’s HackerOne security program. The vulnerability impacts versions 3.3 to 5.5 of the WooCommerce plugin, as well as version 2.5 to 5.5...
One of the most common methods that hackers use to gain access to a WordPress site is a brute force attack. The best defense against such attacks is to keep a record of failed logins so you can limit them. This article explains how the WP Activity Log plugin keeps a...
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable...
The third release candidate for WordPress 5.8 is now available! WordPress 5.8 is slated for release on July 20, 2021, and we need your help to get there—if you have not tried 5.8 yet, now is the time! You can test the WordPress 5.8 release candidate 3 in any of these...
This entry was posted in General Security, Vulnerabilities, WordPress Security on July 13, 2021 by Chloe Chamberland 3 RepliesWordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all...
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable...
The second release candidate for WordPress 5.8 is now available! 🎉 WordPress 5.8 is slated for release on July 20, 2021, and we need your help to get there—if you have not tried 5.8 yet, now is the time! You can test the WordPress 5.8 release candidate 2 in any of...
Is it important to know website security stats? Only if you don’t want to become one. Cybersecurity is at the forefront of issues that every company needs to pay attention to, especially if your website is critical to your business. Why? Every day, an average of...
In this episode, Josepha Haden Chomphosy talks about WordPress – In Person! The WordPress events that provide the dark matter of connection that helps sustain the open source project. Have a question you’d like answered? You can submit them to...
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database...
Once you step into contribution time, your main concern is the users of WordPress, or new contributors, or the health of the WordPress ecosystem as a whole or the WordPress project. So you get all this subject matter expertise from competitive forces, collaborating in...
WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making...
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable...
The first release candidate for WordPress 5.8 is now available! 🎉 Please join us in celebrating this very important milestone in the community’s progress towards the final release of WordPress 5.8! “Release Candidate” means the new version is ready for release, but...
According to specification (and these helpful posts by Chris Coyier), CSS pseudo elements like ::before and ::after should be written with two preceding colons. It can be confusing because while pseudo elements are prefixed by two colons, like ::element, pseudo...