Page Builder WordPress Plugin Bugs Could Allow Complete Site Takeover

[ad_1]

Another WordPress plugin with over 1 million active installations has made it to the news due to security bugs. This time, it’s the Page Builder plugin for WordPress sites that has a couple of bugs allowing full site takeovers.

Page Builder WordPress Plugin Bugs

Wordfence has highlighted another vulnerable WordPress plugin that boasts more than 1 million active installations.

As revealed in their blog post, the popular WordPress plugin Page Builder by SiteOrigin had multiple security bugs. Exploiting these bugs could allow an adversary to gain complete control of the target…

[ad_2]
More Info

Envato Launches Template Kits Marketplace for Elementor – WordPress Tavern

[ad_1]

Watch out block patterns. There is an old player in town making the hard sell before you have even rolled out of bed. Envato just dropped a massive library of template kits for Elementor in your front yard.

Not to worry, the company plans to open things up for the block editor in the future. The Elementor page builder just makes the most sense right now. It was the first to market. It is mature and has a backing of 5 million users, many of whom will be accustomed to commercial upsells, and $15 million in recent funding. Financially, it is the smart play. The company can also test…

[ad_2]
More Info

WordPress Google Sitemaps Automatic Integration Getting Closer

[ad_1]

Google and WordPress

Last June we reported that Google was looking to build directly into WordPress the automatic generation and submission of XML Sitemaps. This way when you publish content, and you didn’t set up an XML Sitemap, the XML Sitemap file will be done automatically.

Gary Illyes from Google said on Twitter that WordPress might get native sitemap support!” He shared this tweet from Pascal Birchler, a Google engineer, who said “we’re making great progress towards a merge proposal for WordPress 5.5.” This is in regards to getting the XML Sitemaps feature plugin for WordPress built into…

[ad_2]
More Info

WordPress Contributor Andy Fragen Shares His Experience as a Trauma Surgeon During the COVID-19 Pandemic – WordPress Tavern

[ad_1]

Last weekend I had the opportunity to interview Andy Fragen, a longtime member of the WordPress community and core contributor. He is also the author of the GitHub Updater plugin, which allows developers to enable automatic updates to their GitHub, Bitbucket, GitLab, or Gitea hosted WordPress plugins, themes, and language packs. In the video below, Fragen gives us a window into his world on the frontlines as an acute care surgeon.

After working his shifts at the hospital, Fragen returns home and voluntarily keeps himself in semi-isolation from his wife and kids. He spends his…

[ad_2]
More Info

Google WordPress plugin bug can be exploited for black hat SEO

[ad_1]

Google WordPress plugin bug can be exploited for black hat SEO

A critical bug found in Google’s official WordPress plugin with 300,000 active installations could allow attackers to gain owner access to targeted sites’ Google Search Console.

Site Kit is a WordPress plugin designed by Google to help site owners to gain insight on how their visitors use and find their website via official stats collected from multiple Google tools and displayed directly in the WordPress dashboard.

The plugin also makes it easier to set up and configure key Google products such as the Search Console, Analytics, Tag Manager, PageSpeed Insights, Optimize, and…

[ad_2]
More Info

Theme Developer Edition – WordPress Tavern

[ad_1]

Screenshot of the block-based themes in the WordPress theme directory.
Themes with block editor styles on WordPress.org.

With full-site editing just around the bend, it is a fair question to ask whether the WordPress ecosystem is prepared for such a transition, particularly on the theme development side of things.

It is no secret that theme developers have struggled to keep up with the barrage of changes between Gutenberg plugin updates and, ultimately, major WordPress versions. It is also a fair question to ask who is steering the ship. Where are the site developers, theme authors, and other designers who spend every day crafting the front end of…

[ad_2]
More Info

WordPress Two-Factor Authentication (2FA): what is it & using it on your site

[ad_1]

The security of your WordPress website depends on the systems you put in place to protect it and harden its security. With the sharp increase of automated password guessing, your users’ sensitive information and access to your site are more at risk than ever.

This is why it’s so important to protect your WordPress site further by adding two-factor authentication. Because your site is only as strong as its weakest password.

In this article, we’ll illustrate what WordPress two-factor authentication is, why it’s so important, and how to implement it on your website with an easy to…

[ad_2]
More Info

WordPress2Doc – a free ebook converter for free WordPress.com blogs

[ad_1]

Hurrah, there is freeware to get a free WordPress site to Word as a .DOCX file, and thence to an ebook. Only the one, and hardly known to search-engines, but it’s for Windows and it works. WordPress2Doc comes from Germany and was last updated by the author, Raffael Herrmann, in December 2017. The source code for WordPress2Doc is on Github.

It has some nice features…

* Select only certain posts from your exported .XML feed.

* There’s a post preview, over in a side-panel.

* Images are called and embedded (so long as the source WordPress blog is public, presumably).

* The blog’s…

[ad_2]
More Info

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover – Threatpost

[ad_1]

wordpress plugin page builder security bug

Severe CSRF to XSS bugs open the door to code execution and complete website compromise.

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover.

According to researchers at WordPress, both security bugs can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). They “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser,” according to Wordfence…

[ad_2]
More Info

Apache 101: 0-WordPress in 15 minutes

[ad_1]

Hellfire missiles not included.
Enlarge / Hellfire missiles not included.


Recently, we took a look at the Caddy Web server. Today, we’re going to back things up a little bit and look at the A from the classic LAMP stack: the Apache Web server.

Apache has a bad reputation for being old, crusty, and low-performance—but this idea mostly stems from the persistence of ancient guides that still show users how to set it up in extremely antiquated ways. In this guide, we’re going to set up an Ubuntu 20.04 droplet at Digital Ocean with an Apache Web server set up properly and…

[ad_2]
More Info