Millions of WordPress sites are being probed & attacked with recent plugin bug

[ad_1]

wordpress.jpg

Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall said on Friday.

The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites.

The zero-day was an unauthenticated file upload vulnerability[12] that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.

It’s unclear how…

[ad_2]
More Info

WordPress Support Team Seeks to Curb Support Requests for Commercial Plugins and Themes – WordPress Tavern

[ad_1]

WordPress’ Support Team contributors are discussing how they can curb support requests for commercial products on the official WordPress.org forums. Users sometimes seek help for commercial product upgrades on the forums of the free version, not knowing that the moderators’ official policy is to refer them to the extension’s commercial support channel. In other instances, it is not immediately clear whether the issue is with the free version or a paid upgrade that the user has installed.

“This has come up a few times the past weeks, mostly in relation to plugins that…

[ad_2]
More Info

Gutenberg 8.9 Brings Block-Based Widgets Out of the Experimental Stage – WordPress Tavern

[ad_1]

On Wednesday, September 2, Gutenberg 8.9 launched with a set of new features, enhancements, and several bug fixes. The development team took the block-based widgets system out of its experimental stage, making it the default experience for all plugin users.

Block-based widgets have taken months upon months of work. The team has surpassed some of my expectations by essentially sticking a square peg into a square hole, granting the power of blocks to the sidebars/widgets system. On the whole, the system works. However, the team still has a lot of work to mold this feature into the…

[ad_2]
More Info

Benefits of WordPress – Business 2 Community

[ad_1]

benefits of wordpressSo, you’re looking for a Content Management System (CMS) for your website? Well, you’re in luck because there are so many options to choose from. You’re probably thinking, how can I possibly choose which one to use when they’re all telling me why their CMS is the best choice? Begin by asking yourself the following questions:

  • What’s going to be the best option for my website?
  • Do I play the short game or do I look at the long term?
  • What about ease of use?
  • Will I be able to make changes myself or am I going to have to hire to get everything done?
  • Will I be able to create my website…
[ad_2]
More Info

WordPress Gets a Name, Joomla Is Feature-Complete & More Open Source CMS News

[ad_1]

woman working in a newstand


PHOTO:
Kat Coffe

WordPress announced that the new version of its CMS, WordPress 5.5 will now be called Eckstine in honor of Billy Eckstine, one of the most renowned jazz singers in the US. The update aims at improving the CMS in three areas: speed, security and search. 

Among its features, WordPress 5.5 now makes faster page loading possible thanks to a concept known as “lazy loading.” At the same time, the new version also helps the overall website SEO by including an improved XML sitemap that enables search engines to discover websites quicker. Also, with 5.5, users can now set…

[ad_2]
More Info

WordPress Plugin Authors Should Avoid Confusing Users When Naming Blocks – WordPress Tavern

[ad_1]

On May 4, the StudioPress development team made a small but significant user-facing change to its Atomic Blocks plugin (now rebranded to Genesis Blocks). It removed the “AB” branding from its block titles. This minor update changed block titles such as AB Accordion and AB Button to Accordion and Button, respectively. On the surface, this change probably seemed of little consequence to the developers on the project. However, for at least one user, it created a massive workload.

Unless users religiously followed the GitHub code commits, they would have missed this update. Stacked…

[ad_2]
More Info

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

[ad_1]

Security Risk: High

Exploitation Level: Easy

DREAD Score: 9.8

Vulnerability: File upload

Patched Version: 6.9

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website.

Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation rules.

Technical Details

The vulnerability originated from the remains of a development environment on version 6.4 nearly 4 months ago, where a file was renamed to test certain features. The…

[ad_2]
More Info

WordPress 5.5.1 fixes millions of websites caused by previous update

[ad_1]

WordPress is now fixing issues that broke millions of WordPress websites with the previous major update WordPress v5.5. Well, WordPress 5.5.1 update marks an important maintenance update that will put an end to annoying issues being faced by WordPress blogs and site owners.

WordPress WooCommerce

WordPress 5.5.1 fixes millions of broken websites

Last month, WordPress released a major v5.5 update that was supposed to improve the CMS performance with certain fixes and enhancements. But somehow, it turned out to be quite the opposite and. As a result, many bloggers and site owners started reporting problems

[ad_2]
More Info

Yoast SEO WordPress Plugin Introduces Indexables in Version 14.0

[ad_1]

This may seem like common sense, but it bears remembering that the main purpose of search engineYoast SEO WordPress plugin introduces indexables in version 14.0. optimization (SEO) is to think like a search engine. As such, we do everything we can to ensure search engines can retrieve as much information from our websites as possible to earn a higher SERP (search engine result page) rank.

The Yoast SEO WordPress plugin (see image below) was created, according to Yoast’s Chief Product Officer, Joost de Valk, to “[make] it easy for your site to meet the highest technical SEO standards.” The new Yoast SEO 14.0 update, which was released at the end of…

[ad_2]
More Info