Security

StackPath has acquired MaxCDN. If you use…

Brian Krogsgard

July 25, 2016

StackPath has acquired MaxCDN. If you use MaxCDN, it doesn't seem you will be effected in the short term, though based on what I'm reading today, a move upmarket might be in the works down the road. StackPath was started by…

A new major version of Gravity Forms…

Brian Krogsgard

June 17, 2016

Security

A new major version of Gravity Forms (2.0) was recently released. It's a substantial milestone with focuses on new features and enhancements, under the hood improvements, the API, their add-on framework, and enhanced security hardening.

Most WordPress websites probably use phpMyAdmin (via hosting…

Brian Krogsgard

June 14, 2016

HostingSecurity

Most WordPress websites probably use phpMyAdmin (via hosting providers), so it's nice to see that they successfully completed a security audit as part of Mozilla's Secure Open Source Fund. This fund is new to me, and looks like a great initiative.

Timely’s All-In-One Event Calendar had multiple security issues that caused it to be temporarily removed from the repo

Brian Krogsgard

June 14, 2016

Security

Timely's All-In-One Event Calendar -- which boasts 100,000 active installs -- had multiple security issues that caused it to be temporarily removed from the repo by the plugin security team. There were at least four disclosed issues, some of which…

If you’re using Caldera Forms, there’s…

Brian Krogsgard

May 27, 2016

Security

If you're using Caldera Forms, there's a security update out for it (although the WordPress security team is pushing an auto update).

Jetpack also has a critical security…

Brian Krogsgard

May 27, 2016

Security

Jetpack also has a critical security release around shortcode processing, and is shipping auto updates.

The new iThemes security dashboard looks…

Brian Krogsgard

May 27, 2016

DesignSecurity

The new iThemes security dashboard looks slick. It's nice that everything is one page. I'm always pleased when screens and user experiences are tweaked as products (and their features) get more numerous and more complex. The new design looks like it…

If you use PHPStorm (or know…

Brian Krogsgard

May 17, 2016

Security

If you use PHPStorm (or know someone that does) make sure you read this about a security concern in older versions.

WordPress Security — Draft podcast

Katie Richards

May 8, 2016

DraftPlanet

This week, Joe and Brian discuss WordPress and website security, why it matters, how to go about it, and what the consequences can be when everything goes downhill.

One more security update: Ninja Forms…

Brian Krogsgard

May 7, 2016

Security

One more security update: Ninja Forms had a pretty nasty bug that allowed arbitrary file uploading. They worked with a security researcher -- who tells his tale here -- and the WordPress plugin team to get forced-upgrades to all users.

Encouragement to reward folks who find plugin vulnerabilities

Brian Krogsgard

May 2, 2016

Security

Mika Epstein posted a recommendation on Make WordPress Plugins for authors who make money from plugins to utilize a service like HackerOne to help identify and fix vulnerabilities in their plugins. The WordPress tag on HackerOne -- which is a…

The aftermath of the Panama Papers…

April 8, 2016

Security

The aftermath of the Panama Papers is going to be happening for a long time, but a few sources that are trying to figure how exactly the link happened have been recently mentioning a three-year old install of Drupal. A…

WPTavern has some excellent thoughts on…

March 31, 2016

Security

WPTavern has some excellent thoughts on communication, especially when it comes to developers informing their users about the status of their projects. Developers give little thought to how they would handle emergencies -- such a security breach -- until it…

Linode has finally followed up after…

February 24, 2016

Security

Linode has finally followed up after their security brew-ha-ha that you may remember affected WP Engine not long ago. It doesn't say a ton and follows a pretty standard follow-up / PR script, but it's at least some closure for…

WordFence is spreading the word about…

February 12, 2016

Security

WordFence is spreading the word about three different plugins with security vulnerabilities they've found exploited in the wild. WooCommerce Store Toolkit (not publicly available, patched, but will need updating) WordPress User Meta Manager (on .org, blind SQL injection vulnerability) WP…

WordPress 4.4.2 is out with a…

February 4, 2016

Security

WordPress 4.4.2 is out with a security and maintenance release. It should be a no-brainer update for everyone (and is probably updated on most of your sites by now, automatically). It affects all versions of WordPress and updates are out…

StackPath has acquired MaxCDN. If you use…

A new major version of Gravity Forms…

Most WordPress websites probably use phpMyAdmin (via hosting…

Timely’s All-In-One Event Calendar had multiple security issues that caused it to be temporarily removed from the repo

If you’re using Caldera Forms, there’s…

Jetpack also has a critical security…

The new iThemes security dashboard looks…

If you use PHPStorm (or know…

WordPress Security — Draft podcast

One more security update: Ninja Forms…

Encouragement to reward folks who find plugin vulnerabilities

The aftermath of the Panama Papers…

WPTavern has some excellent thoughts on…

Linode has finally followed up after…

WordFence is spreading the word about…

WordPress 4.4.2 is out with a…

Post Status

Opportunities

Partner Directory

Resources

The Community for WordPress Professionals

Post Status

Opportunities

Partner Directory

Resources