Last week, we highlighted the progress being made by the Theme Review Team in clearing out a 1K+ review backlog. In an effort to determine common problems with themes discovered by reviewers, Carolina Nymark, a member of the Theme Review Team, reviewed 100 tickets from 531 themes that were closed and marked not approved between December and February. Nymark cautions …
Beyond Speed: 5 (More) Reasons Why You Should be Using a CDN
You’ve probably already heard about CDNs, you know, they help make your website faster. Yet, you might feel that after paying for web hosting, why should you pay the same amount (or more!) for a CDN? Shouldn’t your hosting already do all of this stuff? There’s a significant difference between the infrastructure required for hosting […]
In Case You Missed It – Issue 18
There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post. The REST API Democratizes Reading: Mika Epstein explains how the WordPress REST …
Give Brute Force Attacks the Boot with Defender’s New IP Lockout Features
Say good riddance to frustrating and unrelenting brute force attacks with Defender’s all-new IP Lockout features. The latest version of our comprehensive WordPress security plugin now protects your login page from brute force attacks, monitors 404 errors and automatically locks out any unwanted or suspicious behavior. On top of that, it can also permanently ban […]
Aaron D. Campbell Replaces Nikolay Bachiyski as WordPress’ Security Czar
Aaron D. Campbell, WordPress Core Contributor at GoDaddy, is replacing Nikolay Bachiyski as WordPress’ Security Czar, or WordPress Core Security Team Lead. The role was created in 2015 to provide more structure and focus around incident responses. According to Campbell, “The responsibilities of the position include organizing the security team and making sure all security concerns and reports get triaged …
BuddyPress 2.7.4 Patches Security Vulnerability That Could Allow Arbitrary File Deletion
The BuddyPress development team has released BuddyPress 2.7.4 to address a security vulnerability that affects all versions back to 2.0. According to John James Jacoby, lead developer of BuddyPress, “This version patches a vulnerability to the BuddyPress core attachments API that could allow arbitrary file deletion on certain installation configurations.” The vulnerability was responsibly disclosed by Sam Pizzey through the HackerOne …
WP eCommerce 3.11.4 Patches SQL Injection Vulnerability
Over the weekend, the WP eCommerce team released version 3.11.4 of its e-commerce plugin. The update patches an SQL injection vulnerability that was responsibly disclosed by Mika Epstein, a member of the WordPress.org plugin review team. According to Justin Sainton, lead developer of WP eCommerce, the team was notified of the vulnerability on November 11th and patched it within an hour. The update was …
Time For Your WP Checkup
Wouldn’t it be great if there was a WordPress tool that you could use to quickly scan a site for performance, SEO and security? Well, now there is – and you can try her out for free. Say hello to WP Checkup. What we’ve done is bring all of our experience in speeding up your site (WP Smush, Hummingbird), keeping it secure (Defender) …
8 Must-Do Steps for Securing and Hardening Your WordPress Website
Imagine with me for a moment that you’re a hacker looking for ways to hijack reputable websites and use them to funnel unsuspecting traffic to a nefarious phishing scam. How would you target websites for maximum impact? One option would be to locate and target a single vulnerability that affects hundreds or thousands of sites. If such a thing could …
ManageWP Launches Automated Security Scanning
When ManageWP allowed users to perform security scans of websites through the Orion interface in December of 2015, a feature commonly requested by customers was the ability to automate the scans. Nine months after implementing security checks for customers, ManageWP has added automated security scans to its assortment of features. The automated security scans are a premium feature and cost $1 per site. …