Help Steer the Future of WordPress via the FSE Outreach Program – WordPress Tavern

[ad_1]

All hands on deck. 2021 will be the year of the Site Editor.

Anne McCarthy announced the official start of the Full-Site Editing (FSE) Outreach Program last Friday on the Make Core blog. The program is primarily geared toward end-users. With few channels for average users to communicate with the development team, this offers an opportunity for them to provide direct feedback.

This announcement comes on the heels of Matias Ventura’s full overview of the FSE project. In the post, he laid out where specific FSE features currently stand and what needs to happen to bring the project…

[ad_2]
More Info

WordPress plugin with 5 million installs has a critical vulnerability

[ad_1]

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there.

Unrestricted file upload

This week, Contact Form 7 project has disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that can allow an attacker to bypass Contact Form 7’s filename sanitization protections when uploading files.

An attacker can upload a crafted file with arbitrary code…

[ad_2]
More Info

WordPress Redux Plugin Vulnerability Affects +1 Million Sites

[ad_1]

Redux, a popular WordPress plugin with more than 1 million active installations recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site Request Forgery (CSRF) attack.

Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) attack is a method where an attacker exploits a vulnerability in the code that allows them to perform actions on a website. This kind of attack exploits the credentials of an authenticated user.

The U.S. Department of Commerce defines CSRF like this:

“A type of Web exploit where an unauthorized party causes…

[ad_2]
More Info

Learn WordPress site launched – To help people learn its CMS

[ad_1]

To increase its popularity and the diversity within the CMS, WordPress has launched a new platform called Learn WordPress. Considering that a wonderful community has always had WordPress’s back, Learn WordPress will be a fantastic place where upcoming enthusiasts can access workshops, quizzes, courses, and even lesson plans.

WordPress WooCommerce

Learn WordPress site launched

As you can guess, this website would be preparing tech enthusiasts to create the best content for the WordPress CMS, not just in terms of core development but also themes, extensions, and more.

The Learn WordPress team aims to…

[ad_2]
More Info

Learn WordPress Platform Launches with Free Courses, Workshops, and Lesson Plans – WordPress Tavern

[ad_1]

WordPress.org has officially launched its new “Learn WordPress” platform, a free educational resource that includes courses, workshops, quizzes, lesson plans, and discussion groups. The material spans the spectrum of WordPress experience from beginners to advanced, and and allows users to learn asynchronously at their own pace. After a successful beta launch in August, the platform is now ready for the public.

Traditionally, most WordPress learning opportunities have been in-person at WordCamps and local meetups. Since large gatherings have been put on pause this year due to…

[ad_2]
More Info

Record and Track Past Events With the LifePress Calendar Plugin – WordPress Tavern

[ad_1]

Two weeks ago, Ashan Jay released LifePress to the WordPress plugin directory. It is an interactive, front-end calendar for tracking past events — a journal of sorts. For a version 1.0 launch, it has enough features with just the right touch of simplicity to show promise.

This is not Jay’s first rodeo when it comes to calendar-based plugins. He is also the creator of EventON, a virtual event calendar for WordPress.

The goal of the plugin is simple. As its description reads, “LifePress is a calendar based journal recorder that will allow you to track back progress and review…

[ad_2]
More Info

What are WordPress plugins? – Security Boulevard

[ad_1]

If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose.

It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build a website with WordPress.

In this article, we explain what WordPress plugins are, what’s their purpose on a website, and how they work. Then, we’ll give you a few tips on how to add plugins to your site and manage them correctly.

Let’s dive right in!

Table of content

What are WordPress plugins?

WordPress is a very basic blogging and…

[ad_2]
More Info

G2 Components, a From-Scratch Reimagining of WordPress Components – WordPress Tavern

[ad_1]

Update some of the things.

That was the goal that Jon Quach, a Principal Designer at Automattic, laid out in the roadmap for integrating the G2 Components project into Gutenberg and, eventually, core WordPress. The project is a reimagining of the pieces that make the block editor, a “from-scratch” overhaul of the component system. Updating all of the things or even many of the things at once runs the risk of breaking everything.

“Ideally, what should happen is you should update just some of the things in a very controlled and intentional manner,” wrote Quach in the post….

[ad_2]
More Info

Best web hosting in 2021: Find the right service for your site

[ad_1]

There are thousands of web hosting providers. Some hosting companies run their own data centers. Others rent virtual machines from cloud service providers. All provide some way for their customers to appear online. But choosing the web hosting service that’s right for you can prove to be quite the challenge. While you no longer need to be a programmer or an IT professional to properly configure a web presence, you do need to understand marketing and design and know how to get your message across.

We’ve spotlighted…

[ad_2]
More Info

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

[ad_1]

WordPress Easy WP SMTP

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites.

The zero-day was used in attacks over the past weeks and was patched on Monday.

It impacts Easy WP SMTP, a plugin that lets site owners configure the SMTP settings for their website’s outgoing emails.

According to the team at Ninja Technologies Network (NinTechNet), Easy WP SMTP 1.4.2 and older versions of the plugin contain a feature that creates debug logs for all emails sent…

[ad_2]
More Info