WordPress Elementor Plugin Remote Code Execution Vulnerability

[ad_1]

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of proper security policies in a new “Onboarding” wizard feature.

Missing Capability Checks

The flaw in Elementor was related to what is known as Capability Checks.

A capability check is a security layer that all plugin makers are obliged to code. What the capability check does is to check what permission level any logged in user has.

For example, a person with a subscriber level permission…

[ad_2]
More Info

Tips for Using Uploader Widgets on WordPress Blogs

[ad_1]

Uploader widgets can be a great way to manage and organize the media files on your WordPress website. It can be a great way to add images and videos to your posts and pages, as well as to manage your media library. Uploader widgets can also make it easy to add files to your blog from other websites. Though,  using an uploader widget can be a little tricky if you’re not familiar with them. 

However,  with a little bit of know-how, you can start using these widgets like a pro. In this article, you will get some tips for using uploader widgets on your WordPress website. We’ll…

[ad_2]
More Info

Vizbii Releases Morphii Free Plug-in for All WordPress Websites

[ad_1]

Morphii plugin measures emotion & intensity of users

“Morphii not only provides reliable insights – it fulfills an obligation to make the feedback process more engaging and efficient for respondents, while providing stakeholders with a competitive market differentiator.”–Tricia Houston, COO/Founder, MMR Live Experience Design

Vizbii…

[ad_2]
More Info

Phi Phan Launches Block Enhancements WordPress Plugin – WP Tavern

[ad_1]

WordPress developer Phi Phan has been making small splashes lately, but in a sea of 1,000s of plugins, it is increasingly tough to make a wave. Over the weekend, he released the Block Enhancements plugin, the first pass on a project that he plans to iterate on with new ideas.

WordPress post editor with four different buttons in the content canvas.  The inspector panel shows a set of icon related options and the "fill" color is highlighted for an SVG icon.
Adding icons to buttons with Block Enhancements.

However, this is not his first block-related plugin. Last year, he launched Content Blocks Builder, a plugin that allows developers and users to create blocks from others, patterns, and variations. In February, he released Meta Field Block. He then followed it up…

[ad_2]
More Info

WP Engine announces innovations for its headless WordPress solution Atlas

[ad_1]

WP Engine, the WordPress technology company, today announced that its headless WordPress solution, Atlas, is now available to businesses with four new headless WordPress plans. These new plans range from $49 to $499 and enable developers to learn, build, and grow their sites. 

With this, the company also launched Atlas Blueprints, bringing developers free and professionally designed starter sites that allow anyone to get started with headless WordPress.

Developers also now have the option to sign up for a free Atlas Sandbox account, allowing them to learn more about…

[ad_2]
More Info

5 Reasons Why You Should Use a WordPress in 2022

[ad_1]

The Case for 2FA by Default for WordPress

[ad_1]

Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute force attacks and compromised administrator users are overwhelmingly the most common attack vectors for the CMS platform, which as of 2022 makes up over 40% of the entire web.

WordPress has many security plugins and extensions that can greatly improve security…

[ad_2]
More Info

How to Secure Your Site

[ad_1]

As by far the most popular content management system, WordPress powers millions of different websites. It’s open source software, which means its source code is publicly accessible and can be modified by pretty much anyone with sufficient know-how.

Though WordPress plugins and themes can be purchased, tens of thousands of them are available for free. As one might expect, this does not come without its downsides. So how vulnerable are WordPress sites? What about its themes and plugins? And how can you protect your sites?


How Vulnerable Is WordPress?

In February 2022, Jetpack

[ad_2]
More Info

A guide to auditing UX & UI on WordPress sites

[ad_1]

No matter the purpose or function of your WordPress sites, user experience (UX) and user interface (UI) play direct roles in your success.

Estimated reading time: 4 minutes

Without a comprehensive strategy for improving your UX and UI, you’ll lose out to competitors who have exactly that. Auditing the effectiveness of these features is necessary to gain the kind of traffic and engagement you’re looking for, so assess your sites now.

Start by putting the user first and follow this guide for auditing UX and UI on WordPress sites.

1. Put the User First

For your UX to be successful, you’ll…

[ad_2]
More Info