Data From Theme Reviews Shows Authors Need More Education on Developing Secure WordPress Themes

Last week, we highlighted the progress being made by the Theme Review Team in clearing out a 1K+ review backlog. In an effort to determine common problems with themes discovered by reviewers, Carolina Nymark, a member of the Theme Review Team, reviewed 100 tickets from 531 themes that were closed and marked not approved between December and February. Nymark cautions …

Give Brute Force Attacks the Boot with Defender’s New IP Lockout Features

Say good riddance to frustrating and unrelenting brute force attacks with Defender’s all-new IP Lockout features. The latest version of our comprehensive WordPress security plugin now protects your login page from brute force attacks, monitors 404 errors and automatically locks out any unwanted or suspicious behavior. On top of that, it can also permanently ban […]

Aaron D. Campbell Replaces Nikolay Bachiyski as WordPress’ Security Czar

Aaron D. Campbell, WordPress Core Contributor at GoDaddy, is replacing Nikolay Bachiyski as WordPress’ Security Czar or WordPress Core Security Team Lead. The role was created in 2015 to provide more structure and focus around incident responses. According to Campbell, “The responsibilities of the position include, organizing the security team and making sure all security concerns and reports get triaged …

BuddyPress 2.7.4 Patches Security Vulnerability That Could Allow Arbitrary File Deletion

The BuddyPress development team has released BuddyPress 2.7.4 to address a security vulnerability that affects all versions back to 2.0. According to John James Jacoby, lead developer of BuddyPress, “This version patches a vulnerability to the BuddyPress core attachments API that could allow arbitrary file deletion on certain installation configurations.” The vulnerability was responsibly disclosed by Sam Pizzey through the HackerOne …

WP eCommerce 3.11.4 Patches SQL Injection Vulnerability

Over the weekend, the WP eCommerce team released version 3.11.4 of its e-commerce plugin. The update patches an SQL injection vulnerability that was responsibly disclosed by Mika Epstein, a member of the WordPress.org plugin review team. According to Justin Sainton, lead developer of WP eCommerce, the team was notified of the vulnerability on November 11th and patched within an hour. The update was …

ManageWP Launches Automated Security Scanning

When ManageWP allowed users to perform security scans of websites through the Orion interface in December of 2015, a feature commonly requested by customers was the ability to automate the scans. Nine months after implementing security checks for customers, ManageWP has added automated security scans to its assortment of features. The automated security scans are a premium feature and cost $1 per site. …