Security

Rapid, automatic upgrades are pivotal to the future of WordPress

Brian Krogsgard

February 17, 2017

Mika Epstein has a way of being super logical and level-headed about everything. She has written a post in defense of the WordPress REST API -- that really is applicable to security in WordPress in general -- that I wish…

Mika Epstein notifies developers of a…

Brian Krogsgard

February 6, 2017

Security

Mika Epstein notifies developers of a recent plugin guideline change in the WordPress plugin repo. Guideline 12 (“Public facing pages on WordPress.org may not spam”) is now more clear in broadcasting the message “Do not use your readme to spam.”…

BlogVault vulnerability exposed tens of thousands of sites to hacking

Brian Krogsgard

February 6, 2017

Security

BlogVault has 20,000 active installs of their free plugin on WordPress.org, and on their home page they boast 85,000+ sites in their network. Over the weekend, they disclosed a vulnerability in their plugin that exposed customers, and an unknown percentage…

WooCommerce switches accounts to utilize WordPress.com credentials

Brian Krogsgard

February 1, 2017

Security

WooCommerce has officially switched over to require WordPress.com account credentials. The announcement was made by Todd Wilkens, the new lead of WooCommerce within Automattic. Todd was formerly the head of mobile and chat products at Atlassian (HipChat, etc). This change…

WordPress 4.7.2 shipped today with security…

Brian Krogsgard

January 26, 2017

Security

WordPress 4.7.2 shipped today with security updates. All three updates require existing administrative access, so don't seem to have a super high risk profile compared to publicly exposed areas. You should've already gotten automatic update notices for your websites --…

New Year’s resolutions for WordPress developers

Jack Lenox

January 12, 2017

DevelopmentPlanet

It's a new year, and a great time to set some New Year's resolutions as a WordPress developer. Here are some practical tips to up your game working with the WordPress code base.

WP CLI is now under the WordPress umbrella

Brian Krogsgard

January 8, 2017

Security

WP CLI is moving under the umbrella of WordPress.org. Matt Mullenweg made the announcement, and in it says he's also, "bringing together a number of companies in the WordPress ecosystem to solidify their financial support of runcommand so that Daniel…

Robert Rowley has been monitoring insecure…

Brian Krogsgard

December 16, 2016

Security

Robert Rowley has been monitoring insecure WordPress plugins which exposed PHP objects to potential injection on Pagely servers -- and shares how they addressed the issue. There are several interesting takeaways, but I especially liked his note about communicating with…

Hendrik Buchwald has done a fascinating…

Brian Krogsgard

December 16, 2016

Security

Hendrik Buchwald has done a fascinating breakdown of security vulnerabilities in plugins, with analysis of detected vulnerabilities by type and by how many lines of code are in the plugin. Surprisingly, their software didn't pick up vulnerabilities in the "vast…

Matt Mullenweg State of the Word, 2016

Brian Krogsgard

December 3, 2016

BusinessDesign

Matt Mullenweg just completed the 2016 State of the Word, which highlights the accomplishments of the past year, and sets the direction for the year ahead for WordPress.

ReviewSignal’s annual WordPress hosting results takeaways

Brian Krogsgard

September 14, 2016

HostingSecurity

Kevin Ohashi does the best WordPress hosting technical analysis out there. He's just come out with his 2016 benchmarks, which are the culmination of months of testing twenty six companies, across six price tiers, with five different methodologies. In addition…

Renewed push for WordPress REST API content endpoints

Brian Krogsgard

September 7, 2016

Security

There's a renewed push going on right now to try and get what is being termed "content endpoints" into WordPress core with the 4.7 release -- which is being led by Helen Hou-Sandí of 10up. In the first core development…

iThemes Security Pro introduces a new…

Brian Krogsgard

August 31, 2016

HostingSecurity

iThemes Security Pro introduces a new feature – WordPress version management. This feature automatically updates your site to new versions of WordPress, along with themes and plugins, and has the ability to, “scan for other out of date WordPress sites,” on…

Static site generators versus WordPress

Sonya Mann

August 23, 2016

HostingPlanet

WordPress is the dominant method to build and manage a website, but static site generators are surging in popularity amongst developers and for certain types of websites.

Makers of WP Rocket are getting into WordPress security

Brian Krogsgard

August 23, 2016

BusinessSecurity

WP Media -- the team behind WP Rocket (a commercial caching product) -- are getting into the WordPress security sector. SecuPress hasn't yet launched, but they are starting early access trials for people that sign up through their home page.…

The Prototype Fund is a project…

Brian Krogsgard

August 3, 2016

Security

The Prototype Fund is a project of the Open Knowledge Foundation Germany, funded by the Federal Ministry of Education and Research (BMBF). Individuals and small teams can apply for funding for projects related to open source tools and applications in…

Rapid, automatic upgrades are pivotal to the future of WordPress

Mika Epstein notifies developers of a…

BlogVault vulnerability exposed tens of thousands of sites to hacking

WooCommerce switches accounts to utilize WordPress.com credentials

WordPress 4.7.2 shipped today with security…

New Year’s resolutions for WordPress developers

WP CLI is now under the WordPress umbrella

Robert Rowley has been monitoring insecure…

Hendrik Buchwald has done a fascinating…

Matt Mullenweg State of the Word, 2016

ReviewSignal’s annual WordPress hosting results takeaways

Renewed push for WordPress REST API content endpoints

iThemes Security Pro introduces a new…

Static site generators versus WordPress

Makers of WP Rocket are getting into WordPress security

The Prototype Fund is a project…

Post Status

Opportunities

Partner Directory

Resources

The Community for WordPress Professionals

Post Status

Opportunities

Partner Directory

Resources