There’s a new release of WP Super Cache (1.6.9) available that patches a security issue discovered in the debug log. The vulnerability can only be exploited if users have debugging enabled. It’s highly recommended that all users upgrade to 1.6.9 to patch the security issue. Details of the vulnerability will be published after users have had time to upgrade. In …
All-in-One WP Migration 7.0 Patches XSS Vulnerability
Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible as 6.97 contains an admin backend cross-site-scripting vulnerability. An attacker would already have to be able to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some damage has …
PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities
image credit: Jason Blackeye A security service called Plugin Vulnerabilities, founded by John Grillot, is taking a vigilante approach to addressing grievances against WordPress.org support forum moderators. The company is protesting the moderators’ actions by publishing zero-day vulnerabilities (those for which no patch has been issued) and then attempting to contact the plugin author via the WordPress.org support forums: Due …
Hello, Hackers! Best Practices for WordPress Security
When talking about WordPress security, it feels like we’re left with 2 choices, devastating paranoia or ignorant bliss. With all the news of our personal information, usernames, passwords, and identities getting jacked and sold on the dark web, the topic of web security to a noobie sounds impossible. But after falling hard into the deep end of web security, I’ve …
WPWeekly Episode 349 – Sandy Edwards and the Kids Event Working Group Initiative
In this episode, John James Jacoby and I are joined by Sandy Edwards. Sandy gave us a behind the scenes look at what it takes to organize a WordPress event for children and teens. She also provides background information on a new group that’s been formed called the Kids Events Working Group. This group is responsible for setting the foundation …
WordPress REST API Mistakes That are Making Your Site Insecure
The REST API came with big hopes for modernizing and improving WordPress performance. I’m a huge fan, but if you don’t understand how the API works, it can lead to mistakes that end in big security holes for your site, especially if you’re not a developer. In this post, I want to share some of […] View original post at …
How To Make Money Offering A WordPress Maintenance Service
How would you like an extra $100-$300+ per client every month? If your WordPress development, design or marketing business isn’t offering a WordPress site maintenance package you’re missing out on a huge opportunity. Give your clients peace of mind and spare them the horror they would suffer if left to their own devices, all while […] View original post at …
Make Your WordPress Sites 100% Immune To Phishing
Google recently made a splash in the security scene when they announced none of their 85,000+ employees have been successfully phished on their work-related accounts since early 2017. It’s the kind of magic sauce we all long to boast about for our clients’ WordPress sites. What was the secret to Google’s success and how can […] View original post at …
Defender 2.0, Forced 2FA, New Tweaks And “We’ll Clean Up Your Site!”
Defender 2.0 is now available including forced Two-Factor Authentication by user role and a new XML-RPC disabler. Big news, I know…but the real stunner comes as a new members-only service upgrade. WPMU DEV security experts will now restore and clean up your site after it’s been hacked! Defender has already been downloaded half a million […] View original post at …
Should You Start an Anonymous Blog? 8 Reasons to Consider It (And 8 Not To)
There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […] View original post at …