Nonces are not a catch-all security…
Nonces are not a catch-all security mechanism, and Gennady Kovshenin explains why.
PHP 5.6 support to be extended through 2018
Brian Krogsgard
PHP has voted on a proposal to extend support for PHP 5.6 -- the most recent non-PHP-7 release -- through 2018. The vote is a great step for WordPress, as version 5.6 only has about 12% adoption still. PHP 5.6…
iThemes adding live, incremental backups to BackupBuddy
Brian Krogsgard
iThemes has managed and supported BackupBuddy for about as long as any commercial plugin on the market. It's a cornerstone product for them, and it's done very well over the years. With BackupBuddy 7.0, they are adding live, incremental backups…
A new security release for the…
A new security release for the WordPress REST API affects both version 2, which is now at beta 10, and version 1.2.x, which is updated to 1.2.5.
WordPress security release, and 4.5 development kicks off
Brian Krogsgard
It was the first truly busy day in WordPress core land since the release of WordPress 4.4. Two big things happened: A maintenance and security update was released in WordPress 4.4.1, and the security component affected all versions back that can…
WordFence — a security plugin to…
WordFence -- a security plugin to boot -- has an XSS vulnerability that was recently patched. VaultPress posted more about it, but if you run this plugin, you need to update.
WP Engine requiring mass password reset on all accounts
Brian Krogsgard
WP Engine sent emails to all existing (and apparently many former) customers stating that they needed to reset every password associated with their account: While we have no evidence that the information was used inappropriately, as a precaution, we…
Interview with Automattic CEO, Matt Mullenweg, on Calypso and more
Brian Krogsgard
Matt Mullenweg is the co-founder of WordPress, and founder and CEO of Automattic. In this interview, we talk about their new WordPress.com editor, and more.
“Beginning January 12, 2016, only the…
"Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates," per the Internet Explorer support policy, as linked to from an announcement about IE11 support.…
Matt Mullenweg did an AMA on…
Brian Krogsgard
Matt Mullenweg did an AMA on Product Hunt. There's not a ton you haven't seen, but apparently there's a new WordPress mobile app that's still in "internal" beta. I wonder if it's using the new REST API? I hope it's…
WordPress REST API proposed for core inclusion in two stages
Brian Krogsgard
The much anticipated proposal for core inclusion of the WordPress REST API is here. Ryan McCue -- the project lead -- has proposed a draft for the inclusion process that recommends a two stage approach. He recommends that stage one…
Consequences of bumping PHP minimums, from a Joomla lead that’s been there
Brian Krogsgard
There's a mega Trac ticket to, "strategize the updating of minimum PHP version." Joe and I talked about this on the latest podcast too (in the last segment), if you're curious. The Trac ticket goes every which way, as you'd expect.…
iThemes Security is integrating Sucuri malware scanning
Brian Krogsgard
iThemes announced today that both their free iThemes Security and their commercial iThemes Security Pro plugins are integrating Sucuri's malware scanning service. The free one is just an opt-in one off option, which is nice but can also be accomplished…
The WordPress security trilogy, parts 2 and 3
Brian Krogsgard
I love trilogies, and a WordPress security trilogy was completed today. I'm now in that weird state of having just finished a series I was super into and didn't want to end (well minus the security implications). In early August I…
Freelancers and the self-employed are ignored by the government
Brian Krogsgard
Sara Horowitz -- who is the founder and executive director of the Freelancers Union -- makes a compelling argument for how important freelancers are to the American economy. She highlights just how big the freelancer economy is: For better or…
Shortcode syntax and API changes drafted and under review
Brian Krogsgard
It's been a busy few days for shortcodes. Most, if not all, core committers and project leads would tell you that they'd rather burn the shortcodes API than anything else. But it's one of those things that exists and now…
