WP Bakery WordPress Vulnerability Affects Millions of Sites

Researchers discovered a vulnerability in the WP Bakery page builder that allows an attacker to inject malicious JavaScript into pages and posts. The injected code then attacks the browsers of site visitors.

Authenticated Stored Cross-Site Scripting (XSS) Vulnerability

Cross-site scripting vulnerabilities are characterized by an attacker gaining the ability to target the browsers of visitors through the use of malicious scripts that were surreptitiously placed on a website.

XSS attacks are among the most prevalent types of vulnerabilities.

This…



WordPress 5.6 Due December 2020 is Scaled Back

WordPress had intended to include the menu navigation screen in Gutenberg 9.1 and WordPress 5.6. Development fell behind and it was decided to remove it from WordPress 5.6 and focus on the Gutenberg widgets screen functionality instead.

Gutenberg Navigation Screen

Gutenberg is a WordPress project whose goal is to modernize the process of building websites. Gutenberg uses a drag and drop interface.

The Gutenberg part of WordPress, however, is still under development; it’s an ongoing project. The different parts of building a website are rolled out one at a time as they are finished.


Exploring Full-Site Editing With the Q WordPress Theme – WordPress Tavern

I have been eagerly awaiting the moment when I could install a theme and truly test Gutenberg’s full-site editing feature. By and large, each time I have tested it over the past few months, the experience has felt utterly broken. This is why I have remained skeptical of seeing the feature land in WordPress 5.6 this December.

The Q theme by Ari Stathopoulos is the first theme that seems to be a decent working example. Whether that is a stroke of luck with timing or that this particular theme is simply built correctly is hard to tell — Stathopoulos is a team rep for the Themes…



Post Grid WordPress Plugin Flaws Allow Site Takeovers – Threatpost

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations.

The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending CVE…



Here’s how to install it

Cloudflare announced a new site speed optimization service called Automatic Platform Optimization. The service launched with support for WordPress, but it requires several steps to enable it for self-hosted sites.

To help sites perform better with Google’s Core Web Vitals, Cloudflare debuted a new feature called Automatic Platform Optimization (APO). Cloudflare claims that using the APO on WordPress – the only platform that is currently supported – results in “a 72% reduction in Time to First Byte (TTFB), 23% reduction to First Contentful Paint, and 13% reduction in Speed…



Cloudflare Partners with WordPress – Free to $5/month

Cloudflare announced a new service that dramatically speeds up any WordPress website with improvements of up to 72% in Time to First Byte. Cloudflare is partnering with WordPress.com hosting to provide the new service for free. Anyone not hosted there can sign up for as little as $5 per month. Sites on modest shared hosts can experience dramatic improvements in speed.

The service is called Automatic Platform Optimization (APO). Sites using APO have improved Time to First Byte (TTFB) by 72% and Largest Contentful Paint by 23%.

Shared Hosting Bottlenecks Solved

Shared hosting has…



Jetpack 9.0 to Introduce New Feature for Publishing WordPress Posts to Twitter as Threads – WordPress Tavern

Jetpack 9.0, coming on October 6, will debut a new feature that allows users to share blog posts as Twitter threads in multiple tweets. A recent version of Jetpack introduced the ability to import and unroll tweetstorms for publishing inside a post. The 9.0 release will run it back the other way so the content originates in WordPress, yet still reaps all the same benefits of circulation on Twitter as a thread.

The new Twitter threads feature is being added as part of Jetpack’s Publicize module under the Twitter settings. After linking up a Twitter account, the Jetpack sidebar…



What are WordPress admin notices (and how do they work)?

Even if you’re new to WordPress, you’ll be familiar with admin notices. They’re the messages that show up on your dashboard to let you know about updates, errors, changes and more.

Admin notices give you critical information about your site, which enables you to take timely action. Moreover, if you’re a theme or plugin developer, knowing how to add admin notices to WordPress is important since they allow you to easily communicate messages to your users.

In this article, we’ll go over the different types of admin notices you can use. We’ll talk about situations where it makes…



Digital Marketing Agency launches UK WordPress Hosting

UK WordPress Hosting

Studio 36 Digital have this week launched a brand new service. WordPress Website Hosting is a service that many UK businesses will find invaluable, keeping their website fast and secure.
Finding hosting for your business website is often a painful task. Where do you start? If you Google ‘best uk web hosting for WordPress’, you’ll most likely be bombarded with adverts for large US hosting companies. These tend to be the most popular, with cheap deals to host your website.

But, did you know, standard hosting packages are what’s known…

