What Is Full Site Editing and What Does It Mean for the Future of WordPress? – WordPress Tavern

Block-based Twenty Twenty-One theme in the site editor.

As I said last week, 2021 will be the year of the site editor. Matt Mullenweg’s State of the Word confirms it. WordPress 5.7’s release planning is focused on it. It has been a long journey getting to this point, and it will be a much longer adventure afterward. The ultimate promise of the work that began nearly four years ago is nigh.

The Gutenberg project was never just about editing content. WordPress was aging software by late 2016. It needed to cater to modern audiences who may be less tech-savvy than the…


WordPress 5.7 Development Kicks Off with Focus on Full Site Editing – WordPress Tavern

If the 2020 State of the Word address was any indication, WordPress is moving full steam ahead to land full site editing in 2021. The 5.7 release cycle kicked off this week with the proposed scope centered around full site editing via Gutenberg. Matt Mullenweg will be leading the release and the rest of the team leadership is still being rounded up. Bug scrubs for early tickets that require more time or early testing are already underway.

WordPress 5.7 contributors anticipate working on the following features in the next release:

  • Update WordPress Core to include current…


WordPress.com Launches New Courses With A Focus On Customer Education

SAN FRANCISCO, Dec. 21, 2020 /PRNewswire/ — WordPress.com — the hosted version of the most popular online publishing platform — has launched WordPress.com Courses with two new subscription-based courses, Blogging for Beginners and Podcasting for Beginners, as they look to move into the customer education space. Inspired by customer feedback launching free daily and in-depth topical webinars this past spring, WordPress.com saw high interest in content around blogging and podcasting, which prompted the creation of these courses. Also, taking into account customer feedback on other…


Contact Form 7 Vulnerability in +5 Million Sites

A vulnerability has been discovered in Contact Form 7 that allows an attacker to upload malicious scripts. The publishers of Contact Form 7 have released an update to fix the vulnerability.

Unrestricted File Upload Vulnerability

An unrestricted file upload vulnerability in a WordPress plugin is when the plugin allows an attacker to upload a web shell (malicious script) that can then be used to take over a site, tamper with a database and so on.

A web shell is a malicious script that can be written in any web language that is uploaded to a vulnerable site, automatically processed and used to…


5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack – Threatpost

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.

A patch for the popular WordPress plugin called Contact Form 7 was released Thursday and fixes a critical bug that allows an unauthenticated adversary to take over a website running the plugin or possibly hijack the entire server hosting the site. The patch comes in the form of a 5.3.2 version update to the Contact Form 7 plugin.

The WordPress utility is active on five million websites with a majority of…


Help Steer the Future of WordPress via the FSE Outreach Program – WordPress Tavern

All hands on deck. 2021 will be the year of the Site Editor.

Anne McCarthy announced the official start of the Full-Site Editing (FSE) Outreach Program last Friday on the Make Core blog. The program is primarily geared toward end-users. With few channels for average users to communicate with the development team, this offers an opportunity for them to provide direct feedback.

This announcement comes on the heels of Matias Ventura’s full overview of the FSE project. In the post, he laid out where specific FSE features currently stand and what needs to happen to bring the project…


WordPress plugin with 5 million installs has a critical vulnerability

The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch.

The vulnerable plugin, Contact Form 7, has over 5 million active installs, making this urgent upgrade a necessity for WordPress site owners out there.

Unrestricted file upload

This week, the Contact Form 7 project disclosed an unrestricted file upload vulnerability (CVE pending) in the WordPress plugin that can allow an attacker to bypass Contact Form 7’s filename sanitization protections when uploading files.

An attacker can upload a crafted file with arbitrary code…


WordPress Redux Plugin Vulnerability Affects +1 Million Sites

Redux, a popular WordPress plugin with more than 1 million active installations, recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site Request Forgery (CSRF) attack.

Cross-Site Request Forgery

A Cross-Site Request Forgery (CSRF) attack is a method where an attacker exploits a vulnerability in the code that allows them to perform actions on a website. This kind of attack exploits the credentials of an authenticated user.

The U.S. Department of Commerce defines CSRF like this:

“A type of Web exploit where an unauthorized party causes…


Learn WordPress site launched – To help people learn its CMS

To increase its popularity and the diversity within the CMS, WordPress has launched a new platform called Learn WordPress. Considering that a wonderful community has always had WordPress’s back, Learn WordPress will be a fantastic place where upcoming enthusiasts can access workshops, quizzes, courses, and even lesson plans.

Learn WordPress site launched

As you can guess, this website would be preparing tech enthusiasts to create the best content for the WordPress CMS, not just in terms of core development but also themes, extensions, and more.

The Learn WordPress team aims to…


Learn WordPress Platform Launches with Free Courses, Workshops, and Lesson Plans – WordPress Tavern

WordPress.org has officially launched its new “Learn WordPress” platform, a free educational resource that includes courses, workshops, quizzes, lesson plans, and discussion groups. The material spans the spectrum of WordPress experience from beginners to advanced, and allows users to learn asynchronously at their own pace. After a successful beta launch in August, the platform is now ready for the public.

Traditionally, most WordPress learning opportunities have been in-person at WordCamps and local meetups. Since large gatherings have been put on pause this year due to…
