Polyfill Supply Chain Attack Rattles WordPress Security
- You’ve likely heard how Polyfill.js, a popular JavaScript library, was hijacked by bad actors in a recent supply chain attack.
- After the polyfill.io domain was acquired by a company based in China, malicious code was injected into the Polyfill library, which could lead to vulnerabilities and data theft.
- Polyfills are essentially workarounds that allow modern JavaScript to run in older browsers. The library is often used by developers as an easy way to offer backward compatibility.
- Analysis of the WordPress repository revealed plugins and themes that were embedding Polyfill scripts from affected domains.
- The current impact is minimal as most affected domains have been taken down, but risk remains if the domains become active again.
- Many agencies received emails from Google indicating that the Polyfill issue impacted their implementation of the Google Maps API (likely from plugins that integrate Polyfill).
- Cloudflare made adjustments to mitigate the issue soon after it was discovered.
- If you need more drama in your life, you can read the back and forth between Polyfill and Cloudflare here and here.
- Patchstack has been an excellent resource for the WordPress community throughout this threat, and they encourage developers to join their mVDP program.
- Patchstack has the details of the attack, including a list of affected plugins.
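A defender-side check that follows from the affected-plugin list above: the Python scanner below (an added example, not Patchstack's or WordPress's own tooling) walks a plugin or theme directory and reports every script URL whose host is polyfill.io or one of its subdomains. polyfill.io is the only affected domain this page names; the sample plugin file is constructed for illustration, and the suffix list and the `<memory>` path label are assumptions.

```python
import re
from pathlib import Path
from typing import List, NamedTuple

# polyfill.io is the domain named in the incident; subdomains such as cdn.polyfill.io
# match as well. Extend the tuple only with hosts you have confirmed as affected.
AFFECTED_DOMAINS = ("polyfill.io",)
_DOMAIN_ALT = "|".join(re.escape(d) for d in AFFECTED_DOMAINS)

# Absolute or protocol-relative URL whose host is an affected domain or a subdomain
# of it; the lookahead rejects look-alike hosts such as polyfill.io.example.com.
URL_RE = re.compile(
    r"(?:https?:)?//(?:[\w-]+\.)*(?:" + _DOMAIN_ALT + r")(?=[/'\"\s]|$)[^\s'\"<>]*",
    re.IGNORECASE,
)
SCANNED_SUFFIXES = {".php", ".html", ".htm", ".js"}  # assumption: typical plugin sources


class Finding(NamedTuple):
    path: str
    line_no: int
    url: str


def find_affected_urls(text: str, path: str = "<memory>") -> List[Finding]:
    """Return each affected-domain URL in raw source with its 1-based line number.
    Scanning raw text catches both <script src="..."> tags and the URL string
    literals that PHP plugins pass to wp_enqueue_script()."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            findings.append(Finding(path, line_no, match.group(0)))
    return findings


def scan_tree(root: Path) -> List[Finding]:
    """Walk a plugin or theme directory (e.g. wp-content/plugins) and scan its sources."""
    findings: List[Finding] = []
    for file in sorted(root.rglob("*")):
        if file.is_file() and file.suffix.lower() in SCANNED_SUFFIXES:
            text = file.read_text(encoding="utf-8", errors="replace")
            findings.extend(find_affected_urls(text, str(file)))
    return findings


# Constructed sample of a plugin file: two real references and one decoy whose
# host is example.com (the affected domain appears only in its path).
SAMPLE_PLUGIN_PHP = """<?php
wp_enqueue_script('my-polyfill', 'https://cdn.polyfill.io/v3/polyfill.min.js', [], null);
wp_enqueue_script('keep', 'https://example.com/polyfill.io/keep.js', [], null);
?>
<script src="//polyfill.io/v3/polyfill.min.js?features=default"></script>
"""
```

Run `scan_tree(Path("wp-content"))` against a site checkout to list every file and line that still loads from the domain; a clean result is the state you want even while the domain is down, since the risk returns if it comes back up.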
Cloudflare Fights Back: New Tool Targets Evasive AI Scrapers
- Cloudflare has launched a free tool to prevent AI bots from scraping websites for training data, particularly those that ignore standard bot exclusion rules (like robots.txt) to gain competitive advantages.
- The tool aims to address growing concerns about AI companies scraping website content without permission or compensation.
- Cloudflare analyzed AI bot traffic to fine-tune automatic bot detection models that consider factors like bots mimicking human browsing behavior to avoid restrictions.
- About 26% of top websites have blocked OpenAI’s bot, and over 600 news publishers have blocked it.
- Before you implement a blocker like Cloudflare’s, it’s important to realize that doing so could risk losing referral traffic from AI tools like Google’s AI Overviews.
- The Cloudflare Blog explains the details, and this TechCrunch article can help you decide if this new tool is right for you and your clients.
Mastering the Changing SEO Landscape
- Google’s recent algorithm changes are forcing businesses to reevaluate SEO strategies (again).
- Organic SEO requires a new playbook that measures ROI differently, focusing on building authority and trustworthiness rather than just direct traffic and rankings.
- Content marketing should be focused on creating valuable information for end users that aligns with their search intent, not content that is simply focused on the algorithm.
- Authentic articles that showcase expertise and offer original insights will stand out in the age of AI-generated content.
- Smaller players with real-world experience can outperform larger companies by creating relevant, helpful content.
- TL;DR: Focus on users and readers, not the algorithm.
- Get the details from this insightful post on the Freemius blog.
Worth a Look
- Do you have tons of disorganized files with messy file names? This clever AI tool can help you sort out your world.
- WordPress wants to help you get inactive Meetups going again. Join the discussion now.
- There’s a new kid in town, and it’s one you want to be friends with: OSO. It stands for organic search optimization, and with the Search Generative Experience rolling out, this acronym is one you should pay attention to.