
Not Really a WordPress Plugin Vulnerability, Week of January 26

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic …

Contrary to Bleeping Computer Story, Hackers Don’t Seem to Have Targeted Security Issue in Better Search Replace

Yesterday, Bleeping Computer ran a story headlined “Hackers target WordPress database plugin active on 1 million sites,” written by Bill Toulas. The plugin being referenced was Better Search Replace, which had a security change in the latest version. There …

How to Use the sanitize_callback When Using the WordPress register_setting() Function

One of the many issues we now check for when doing security reviews of WordPress plugins is proper usage of the sanitize_callback when using register_setting() to register settings. That helps to make sure that settings of the plugin don’t contain …

Catching a Future Vulnerability in a WordPress Plugin With Our Plugin Security Checker

One of the tools we have to try to help make WordPress plugins more secure is our Plugin Security Checker, which flags possible security issues in WordPress plugins. From time to time, we spot check the results of plugins from …

Wordfence is Claiming It Is a Critical Vulnerability for WordPress Administrators to Upload Arbitrary Files

Recently someone left a message on the support forum of the WordPress plugin WP Child Theme Generator writing about their concern about continuing to use the plugin based on Wordfence claiming it contains a “critical vulnerability:” This critical vulnerability has …