WordPress 5.9.2 is now available! This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have Continue reading WordPress 5.9.2 Security and Maintenance Release
UpdraftPlus, a plugin that allows users to backup to various cloud providers, has patched a severe security vulnerability that would allow logged-in users to download a site’s latest backups. The patched version (1.22.3) was sent out via a forced auto-update, a Continue reading UpdraftPlus 1.22.3 Patches Severe Vulnerability Through Forced Security Update from WordPress.org
Essential Addons for Elementor, a popular plugin with more than a million active installs, has patched a critical vulnerability that would allow for a local file inclusion attack. The vulnerability was discovered by security researcher Wai Yan Myo Thet and Continue reading Essential Addons for Elementor Patches Critical Security Vulnerability
This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.8.3 is a short-cycle security release. The next Continue reading WordPress 5.8.3 Security Release
The All In One SEO plugin has patched a set of severe vulnerabilities that were discovered by the Jetpack Scan team two weeks ago. Version 4.1.5.3, released December 8, includes fixes for a SQL Injection vulnerability and a Privilege Escalation Continue reading All In One SEO Plugin Patches Severe Vulnerabilities
A WordPress website is like a child; needing constant care, endless love, strong support, and a fulltime caretaker. And, which parent doesn’t want the very best WordPress maintenance and support services for their infant who’s someday going to grow up Continue reading 22 Best WordPress Maintenance and Support Services in 2022
A WordPress website is like a child; needing constant care, endless love, strong support, and a fulltime caretaker. And, which parent doesn’t want the very best WordPress maintenance and support services for their infant who’s someday going to grow up Continue reading 22 Best WordPress Maintenance and Support Services in 2022
tl;dr: Never test vulnerabilities on someone else’s live site without their permission. By now, a lot of you have read the post about the so-called “WordPress Plugin Confusion” whereby a plugin hosted on WordPress.org can ‘override’ a plugin not hosted Continue reading Please don’t ‘test’ submitting other people’s plugins.
A few years ago I attended Laracon EU where Marcus Bointon gave a great talk on Crypto in PHP 7.2. I left the talk having a much greater appreciation for how vastly complicated cryptography is, but also for how PHP Continue reading Best Ways to Encrypt Passwords, Keys, & More with PHP in 2022
Find out all about the reasons behind significant Word Press security vulnerabilities and how to mitigate them. The post A Detailed Look Into WordPress’s Security Vulnerabilities appeared first on Security Ninja. ShareTweetSharePostSharePin It!
Your WordPress or WooCommerce store’s health is absolutely critical nowadays both in terms of performance and security. Having a slow site or one that has been defaced does not exactly demonstrate technical proficiency and inspire trust from your visitors. Generally Continue reading Automating WordPress Health Checks with WP-CLI doctor Command
Previously I have shown how to install WPScan on Ubuntu installation guide (for Ubuntu 16.04) and debian but what if you want to scan locally and not remotely? Especially if a site is protected from WPScan using protection methods that prevent Continue reading Using WP-CLI to Scan for WordPress Security Vulnerabilities
Recently I had Tim Nash, the WordPress platform lead at 34SP.com, speak at the local WordPress meetup I help run. It’s the third time Tim has spoken at the meetup, and in the past he has spoken about site security Continue reading An Introduction to WordPress Penetration Testing
We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed fewer than 100 people in total. From the beginning, we noticed striking similarities between our two companies—both were founded in 2010, Continue reading Welcome, WP Engine!
WordPress has made great strides in its effort to democratize publishing, making the ability to publish content on the web accessible to a very large number of people all over the world. Today, it powers roughly 28% of the websites Continue reading WordPress Security Fundamentals: How to Not Get Hacked
Over 25% of all websites use WordPress, and over 10% of all internet traffic flows through CloudFlare; WordPress + CloudFlare has always been a winning combination, and now with CloudFlare’s new WordPress plugin, it’s easier than ever to make your Continue reading CloudFlare’s new WordPress plugin
TL;DR — HTTP/2 is awesome, but requires HTTPS, which is hard to setup. Let’s Encrypt and WordPress can make HTTPS setup simple and help achieve a faster web sooner. My eyes are heavy, my head foggy. Kind of feels like Continue reading HTTP/2, HTTPS, Let’s Encrypt and WordPress
As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to Continue reading Flexible SSL & WordPress: Fixing “Mixed Content” Errors