If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA...
Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF variable. In yesterday’s post, we described another plugin, underConstruction, suffering from a similar...
One of the most frustrating and stressful situations you could ever run into as a WordPress site owner is finding out that your site has been hacked. One minute your site is humming along, bringing in traffic and, hopefully, revenue. And then, next thing you know, you...
Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will publish part two, which describes another plugin suffering from a similar vulnerability related to the use of...
Thanks to @javiarce & @annezazu for design and copy contributions. An exciting update to the Gallery Block gives you more ways...
WooCommerce shipped version 5.7.0 through a forced update for some users earlier this week. The minor release was not billed as a security update but the following day WooCommerce published a post explaining that the plugin was vulnerable to having analytics reports...
Aurelio Volle is the Chief Marketing Officer and Product Owner of LIVEN – the umbrella company that has brought us Image SEO Optimizer and WP Umbrella – a PHP errors, performance, and uptime monitoring service for WordPress. With 4 degrees to his name, he works as a...
On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered in Ninja Forms, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an attacker to...
Have you ever heard of a zero-day vulnerability or a zero-day attack on a WordPress site? If not, you’re not alone. While WordPress site owners typically have a strong understanding of WordPress security and the measures required to maintain a secure site, it’s almost...
In addition to this episode’s small list of big things, Josepha Haden Chomphosy reviews the upcoming 5.9 WordPress release and its Full Site Editing features. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a...
Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities. Luckily, this task can be...
WordPress contributors around the world are celebrating the sixth Global WordPress Translation Day throughout the entire month of September! That’s 30 days dedicated to help and encourage the volunteers that translate the software and its related resources. One of the...
As a WordPress site owner, have you considered using nulled WordPress plugins and themes on your website? Or are you currently using a nulled WordPress plugin or theme on your WordPress site right now? If you’re not familiar with nulled WordPress plugins and themes,...
As a WordPress site owner, have you considered using nulled WordPress plugins and themes on your website? Or are you currently using a nulled WordPress plugin or theme on your WordPress site right now? If you’re not familiar with nulled WordPress plugins and themes,...
WordPress 5.8.1 is now available! This security and maintenance release features 60 bug fixes in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been...
We are happy to announce our first plugin acquisition as we pursue our mission to build value-driven WordPress security and admin plugins. This new acquisition will undoubtedly help us deliver more value to our customers. The Advanced noCaptcha & invisible Captcha...
We are happy to announce update 2.4.1 of the Password Policy Manager for WordPress plugin. This update includes several new features and housekeeping updates designed to improve the plugin’s functionality, usability, and performance. Let’s dive right in to see what is...
What exactly is the difference between HTTP vs HTTPS? HTTP has been used by websites since the inception of the public Internet. However, in 2014, Google put out a strong recommendation that all websites switch from HTTP to HTTPS. Up until that point, it was mostly...
Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when. You can then use this log data to troubleshoot technical and...
Wordfence is used by millions of free and paid customers around the world to secure their WordPress websites. We serve a broad range of customers across the globe, from diverse cultures, with diverse backgrounds, and who have diverse political views. As an...
In WordPress, popular plugins are often the most exploited plugins. There is a reason for that: the more popular a plugin is, the more sites it is installed on, and therefore the rewards of a vulnerability on a popular plugin are huge for a hacker. In order to...