Transcript [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in Continue reading #79 – Robert Abela on How to Keep Your WordPress Website Secure
WordPress 6.2.2 was released early this morning as a rapid follow-up to 6.2.1, which introduced a bug that broke shortcode support in block templates. Version 6.2.1 was also an important security release, but due to the catastrophic breakage for those Continue reading WordPress 6.2.2 Restores Shortcode Support in Block Templates, Fixes Security Issue
WordPress 6.2.2 is now available! The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated. Continue reading WordPress 6.2.2 Security Release
This post discusses the recent compromise of the popular Essential Addons for Elementor plugin, assigned the CVE identifier CVE-2023-32243. The active Essential Addons for Elementor exploit affects over one million websites worldwide, including those hosted at GreenGeeks. Even if you’re Continue reading Security Update: Protecting Against the Essential Addons for Elementor Plugin Compromise
WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today. This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined Continue reading WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities
WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. Continue reading WordPress 6.2.1 Maintenance & Security Release
Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given Continue reading Essential Addons for Elementor Patches Critical Privilege Escalation Vulnerability
Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2+ million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched Continue reading Advanced Custom Fields Plugin Patches Reflected XSS Vulnerability
WooCommerce Payments, a plugin that allows WooCommerce store owners to accept credit and debit card payments and manage transactions inside the WordPress dashboard, has patched an Authentication Bypass and Privilege Escalation vulnerability with a 9.8 (Critical) CVSS score. The plugin Continue reading WooCommerce Payments Plugin Patches Critical Vulnerability That Would Allow Site Takeover
Patchstack, a WordPress security maintenance and management tool, has published its “State of WordPress Security” whitepaper for 2022, tracking a few key metrics on publicly reported vulnerabilities. The findings highlight the risk of using unmaintained themes and plugins along with Continue reading Patchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022
Wordfence has published the details of two stored XSS vulnerabilities the company responsibly disclosed to the developers of the All In One SEO plugin in January 2023. The vulnerabilities potentially impacted more than 3 million users on versions 4.2.9 and Continue reading All In One SEO Patches Multiple Stored XSS Vulnerabilities in Version 4.3.0
Using 2FA to secure your WordPress website is by far one of the best security measures you can take. It adds an additional layer of security while being very easy to set up. Furthermore, it has a proven track record Continue reading How to recover from a WordPress 2FA lockout
Transcript [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in Continue reading #61 – Robert Rowley on Securing Your WordPress Website
Security researchers at Doctor Web, a security company focused on threat detection and prevention, have discovered a malicious Linux program that targets WordPress sites running outdated and vulnerable plugins and themes. The malware targets 32-bit versions of Linux, but it Continue reading Linux Backdoor Malware Targets WordPress Sites with Outdated, Vulnerable Themes and Plugins
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms Continue reading Input Validation for Website Security
Back in November of this year, we launched a second WordPress survey, this time aimed at understanding how WordPress administrators and website owners manage their WordPress websites. As promised, we will be sharing our findings, which is exactly what this Continue reading WordPress administration survey 2022 results
In September 2022, we released SSH for Business and eCommerce sites. SSH (secure shell protocol) allows you to access your site from the command line and use tools such as WP-CLI to manage your site, plugins, users, and more. Our Continue reading We Heard You Wanted to Add SSH Keys
In September, WordPress’ Security Team announced it would be dropping support for versions 3.7 through 4.0 by December 1, 2022. Yesterday the final releases for these versions (3.7.41, 3.8.41, 3.9.40, and 4.0.38) were made available to the very small percentage Continue reading WordPress Versions 3.7-4.0 No Longer Get Security Updates
You’re about to make an online purchase but all of a sudden you’re asked to decode a strangely twisted word, make a simple calculation, or identify which images presented include a bus. What just happened? What is this popup that Continue reading Why You Need CAPTCHA on Your WordPress Website
This Black Friday, we are offering an amazing 50% discount on all new plugin subscriptions. This is the perfect opportunity to shore up your WordPress security and administration (at a hefty discount) as we head into a busy festive season. Continue reading Black Friday deals 2022