WordPress Weekly News 005: Security Breaches, Vulnerabilities and much more
Hello WordPress friends time for me to bring you a whole bunch of news from the world of WordPress. It hasn’t been the best week for WordPress with bugs affecting thousands of WordPress websites.
Let’s see what we have in store for you in this week’s WordPress roundup!
Update Your WordPress Now
A bug was recently discovered in WordPress where a hacker could alter a website’s content. The web security firm Sucuri identified the bug earlier this year. It wasn’t announced until last week when WordPress finally rolled out 4.7.2 to fix the bug.
The bug, REST API Endpoint, somehow enabled hackers to change a website’s content. The hackers can also use short codes to inject ads and infect site with SEO spam campaign.
It is reported that around 67,000 websites were hacked in two weeks’ time, but WordPress has somehow managed to fix it before more damage is done
SSL is taking over the internet!
More than 50% of page loads are encrypted according to Mozilla Telemetry. Let’s Encrypt reported this milestone on its Twitter account.
Per @Firefox Telemetry, more than 50% HTTPS page loads is now the norm! pic.twitter.com/7mo8VPrpbq
— Let’s Encrypt (@letsencrypt) January 30, 2017
Not only Mozilla, but also Google’s Transparency Report shows that half of the internet traffic is encrypted.
This means modern SSL solutions, like Let’s Encrypt and Cloudflare, are making it easier for website owners to deploy encryption on internet traffic.
WP-CLI 1.1.0 Released
WP-CLI 1.1.0 is now available which includes 23 command improvements and it comes just two months after 1.0.0. The 1.1.0 comes with 8 framework enhancements and other bug fixes.
Daniel Bachhuber, the project maintainer, shifted the focus to package ecosystem to better distribute the maintenance burden.
CLI 1.1.0 had around 16% increased contributors when compared to 1.0.0. The project is looking for helpers for project’s maintenance.
BlogVault Security Issue
BlogVault recently encountered a security breach. User websites were attacked by malware after being accessed without authorization. The WordPress backup service immediately started an investigation to figure out the issue.
In light of this event, the founder of BlogVault Akshat Chaudhary made an official statement ensuring customers of the precautionary measures BlogVault is taking to curb the situation. The backup provider has released an update to the affected plugin that patches the problem.
WP Super Cache fixes vulnerabilities
The super-fast caching engine releases update to fix multiple XSS vulnerabilities. 1.4.9 was released this week that fixes cross site scripting vulnerabilities.
An anonymous visitor cannot access the settings page and steal your login cookies. Along with patching vulnerabilities, the update also has a fix for people who host multiple sites using the plugin.
StudioPress Sites just made your life much easier!
StudioPress Sites has come up with a solution which will let you worry about everything other than your WordPress website. It is an all round solution which will take care of hosting, security and much more.
It is focused on people who are too busy to care about their WordPress website. If you are one of them, then this service is just for you.
WordPress tutorials and tips
How to Configure Google Search Console on WordPress
Top 6 WordPress mailing list building plugins that you should know about in 2017
That is all from this week’s WordPress roundup. Do share in the comments what I have missed out.
Create Faster WordPress Websites!
Free eBook on WordPress Performance right in your inbox.