WordPress malware finds WooCommerce sites for Magecart attacks


Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.

WooCommerce is an open-source WordPress plugin with over 5 million active installs, designed to make it easy to run e-commerce sites that can be used to “sell anything, anywhere.”

Attacking WooCommerce online stores is not something new, as shown by previous attacks that were attempting to hack into online stores by brute-forcing admin…



Critical WordPress plugin bug allows for automated takeovers

Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.

WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.

The plugin comes with support for including affiliate links, rich snippets, review widgets, as well as for buy buttons for additional monetization streams.

Persistent XSS leading to site takeover

The WP Product Review Lite bug found by the Sucuri Labs research team can be remotely…



WordPress Layouts | Customizing Key Pages on Your Website – WordPress.com

Before Kathryn Pressner became a WordPress.com Happiness Engineer (our name for customer support specialists), she spent several years as a freelance website designer, charging clients to build sites with customized WordPress themes. 

Though she had the chops — “my job took a lot of technical skill,” she says — she realized the inherent inefficiencies in her line of work. “To build a site designed from scratch that matches the brand and has custom features, the cost can add up,” she says. “And some business owners I worked with never became comfortable with…



Page Builder WordPress Plugin Bugs Could Allow Complete Site Takeover

Another WordPress plugin with over 1 million active installations has made it to the news due to security bugs. This time, it’s the Page Builder plugin for WordPress sites that has a couple of bugs allowing full site takeovers.

Page Builder WordPress Plugin Bugs

Wordfence has highlighted another vulnerable WordPress plugin that boasts more than 1 million active installations.

As revealed in their blog post, the popular WordPress plugin Page Builder by SiteOrigin had multiple security bugs. Exploiting these bugs could allow an adversary to gain complete control of the target…



Envato Launches Template Kits Marketplace for Elementor – WordPress Tavern

Watch out, block patterns. There is an old player in town making the hard sell before you have even rolled out of bed. Envato just dropped a massive library of template kits for Elementor in your front yard.

Not to worry, the company plans to open things up for the block editor in the future. The Elementor page builder just makes the most sense right now. It was the first to market. It is mature and has a backing of 5 million users, many of whom will be accustomed to commercial upsells, and $15 million in recent funding. Financially, it is the smart play. The company can also test…



WordPress Google Sitemaps Automatic Integration Getting Closer

Last June we reported that Google was looking to build the automatic generation and submission of XML Sitemaps directly into WordPress. This way, when you publish content and you haven’t set up an XML Sitemap, the XML Sitemap file will be generated automatically.

Gary Illyes from Google said on Twitter that “WordPress might get native sitemap support!” He shared this tweet from Pascal Birchler, a Google engineer, who said “we’re making great progress towards a merge proposal for WordPress 5.5.” This is in regards to getting the XML Sitemaps feature plugin for WordPress built into…



WordPress Contributor Andy Fragen Shares His Experience as a Trauma Surgeon During the COVID-19 Pandemic – WordPress Tavern

Last weekend I had the opportunity to interview Andy Fragen, a longtime member of the WordPress community and core contributor. He is also the author of the GitHub Updater plugin, which allows developers to enable automatic updates to their GitHub, Bitbucket, GitLab, or Gitea hosted WordPress plugins, themes, and language packs. In the video below, Fragen gives us a window into his world on the frontlines as an acute care surgeon.

After working his shifts at the hospital, Fragen returns home and voluntarily keeps himself in semi-isolation from his wife and kids. He spends his…



Google WordPress plugin bug can be exploited for black hat SEO

A critical bug found in Google’s official WordPress plugin with 300,000 active installations could allow attackers to gain owner access to targeted sites’ Google Search Console.

Site Kit is a WordPress plugin designed by Google to help site owners to gain insight on how their visitors use and find their website via official stats collected from multiple Google tools and displayed directly in the WordPress dashboard.

The plugin also makes it easier to set up and configure key Google products such as the Search Console, Analytics, Tag Manager, PageSpeed Insights, Optimize, and…



Theme Developer Edition – WordPress Tavern

Themes with block editor styles on WordPress.org.

With full-site editing just around the bend, it is a fair question to ask whether the WordPress ecosystem is prepared for such a transition, particularly on the theme development side of things.

It is no secret that theme developers have struggled to keep up with the barrage of changes between Gutenberg plugin updates and, ultimately, major WordPress versions. It is also a fair question to ask who is steering the ship. Where are the site developers, theme authors, and other designers who spend every day crafting the front end of…



WordPress Two-Factor Authentication (2FA): what is it & using it on your site

The security of your WordPress website depends on the systems you put in place to protect it and harden its security. With the sharp increase of automated password guessing, your users’ sensitive information and access to your site are more at risk than ever.

This is why it’s so important to protect your WordPress site further by adding two-factor authentication. Because your site is only as strong as its weakest password.

In this article, we’ll illustrate what WordPress two-factor authentication is, why it’s so important, and how to implement it on your website with an easy to…

