WordPress Ecommerce Sites Face Stealthy Card Skimming Attack

• A clever new credit card skimming attack is targeting WordPress ecommerce checkout pages.
• Site scanning tools often miss this threat because it embeds itself in the wp_options database table.
• Attackers create fake payment forms that looks exactly like those from legitimate card processors like Stripe.
• The malicious code activates only on checkout pages when customers are ready to enter payment details.
• Stolen data is then encrypted to avoid detection before being sent to attacker-controlled servers.
• The skimmer can both create fraudulent payment forms and capture data from legitimate checkout fields.
• Learn more about how hackers are staying a step ahead of detection in this article on The Hacker News.

FTC Mandates Security Overhaul at GoDaddy

• The U.S. Federal Trade Commission has mandated that GoDaddy overhaul its security practices to match its marketing claims.
• The order comes after discovering years of inadequate protection measures that left millions of websites vulnerable to attacks.
• The FTC found that GoDaddy failed to implement basic security measures to protect its +5M hosting customers, resulting in multiple major security breaches between 2019 and 2022.
• FTC: “GoDaddy’s data security program was unreasonable for a company of its size and complexity. Despite its representations, GoDaddy was blind to vulnerabilities and threats in its hosting environment.”
• The settlement requires implementation of new security measures and regular 3^rd party monitoring. Future issues could result in penalties of more than $50K for each violation.
• Godaddy responded to the FTC ruling on its blog, explaining it had already hired multiple security firms to resolve the issues and is making improvements beyond what was mandated.

Godaddy Donates $500K to the WP Community Collective

• GoDaddy has announced that they have donated $500k to the WordPress Community Collective for financial, operational, and promotional support.
• The WPCC was created to give the WordPress community a voice and help fund individual WordPress contributors and community-led initiatives.
• In 2023, they sponsored accessibility expert Alex Stine to work on the WP A11y team.
• They partnered with GoDaddy in 2024 to help underrepresented speakers attend WordCamp events worldwide.
• In December, the WPCC incorporated as a California non-profit organization. It is currently finalizing a Federal 501(c)(6) status.
• Individuals can join the WPCC with a contribution of $5 or more. Business sponsorship tiers are planned for later this year.

Worth a Look

• Google is cracking down on scraping tools – popular SEO tools like Semrush are experiencing significant delays in refreshing.
• What is WordPress? – Hendrik Luehrsen unpacks the complex structure of the WordPress ecosystem.
• A new WhiteHouse.gov website is live – whether or not you support the current occupant, the new site is once again built on WordPress.
• WordPress.com has updated it’s admin UI – and it looks just like the .org interface we’re used to.
• WooCommerce 9.6 is out – the Brands plugin now merged into core.

Updates from Post Status Members

• Christos Paloukas has a 3Q interview with Michelle Frechette on PressTalks
• Brin Wilson explores the impact of AI on the future of the Internet, YouTube, and content creation.
• Deborah Butler has launched FlipChecker, providing data to help you make decisions about flipping ecommerce stores.
• Rob Cairns and Todd Jones talk about differentiation in copywriting on The SDM show.
• Rodolfo Melogli is offering a free Business Bloomer masterclass on using the WooCommerce Logger to log events and debug code.
• Seth Goldstein talks about alternatives to the Fediverse in this article.
• Simon Kraft talks with Joost de Valk and Marieke van de Rakt about their acquisition of Post Status
• Bud Kraus talks to Jeff Chandler on the latest episode of Seriously, BUD?