The SI CAPTCHA Anti-Spam plugin has been removed from the WordPress Directory due to its author including spam code. The plugin added a CAPTCHA image test to WordPress forms to prevent spam and was compatible with forms generated by bbPress, BuddyPress, Jetpack, and WooCommerce. It had more than 300,000 active installs at the time of removal. Mike Challis, the original …
WordPress 4.8.2 Patches Eight Security Vulnerabilities
WordPress 4.8.2 is available for download and users are encouraged to update as soon as possible. This release patches eight security vulnerabilities and has six maintenance-related fixes. Hardening was also added to WordPress core to prevent plugins and themes from accidentally causing a vulnerability through $wpdb->prepare(), which can create unexpected and unsafe queries leading to potential SQL injection (SQLi). …
Display Widgets Plugin Permanently Removed from WordPress.org Due to Malicious Code
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. …
Equifax Launches WordPress-Powered Site for Consumers Affected by Security Breach
Equifax has launched a WordPress-powered website to connect with consumers affected by its recent security breach, which compromised 143 million customers’ personal data. The exposed data includes names, birth dates, social security numbers, addresses, credit card numbers, driver’s license numbers, and other sensitive financial information. The equifaxsecurity2017.com site was launched shortly after disclosure to give …
The Ultimate Guide to WordPress Security
Hackers attack WordPress sites both big and small with over 90,978 attacks happening per minute. Fortunately, there are numerous ways you can protect your WordPress site. Today, I want to share with you how you can make your WordPress site’s security airtight with basic through to advanced techniques. I’ll also explore how WordPress can […]
Defender Security Plugin Now Available for Free at WordPress.org
WordPress security shouldn’t just be for those who pay the big bucks for “real” protection. Professional-grade security should be easy, free and available for everyone. That’s why we’re excited to announce our Defender security plugin is now FREE to download at WordPress.org. We know there’s a heap of worry around keeping WordPress safe, especially […]
How to Fix “Not Allowed to Access this Page” Error in WordPress
Picture this: You’re working away on your WordPress site and then bam! You see this puzzling and face-contorting error: “How is this even a thing?” you quietly shout. “I am allowed to access this page. I’m the admin!” The frustration continues when you realize the fix isn’t so cut and dry since there are multiple […]
WordPress 4.7.5 Patches Six Security Issues, Immediate Update Recommended
WordPress 4.7.5 was released today with fixes for six security issues. If you manage multiple sites, you may have seen automatic update notices landing in your inbox this evening. The security release is for all previous versions and WordPress is recommending an immediate update. Sites running versions older than 3.7 will require a manual update. The vulnerabilities patched in 4.7.5 …
WordPress Is Now on HackerOne, Launches Bug Bounties
WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all …
How to Host Your Email and WordPress Together
When you set up hosting for WordPress and start digging into cPanel, it can be tempting to click a few times and set up an email address with your domain. I mean, it’s right there. While it sure is convenient to create an email address in the same place where you’re managing your site, it’s […]