Security

WordPress security news and issues.

WordPress 5.7.2 is available. It’s a…

Dan Knauss
WordPress 5.7.2 is available. It's a security release (Ram Gall talks about specifics on the WordFence blog), so make sure to update if you don't have automatic updates active on your sites. 🔒

If you or your clients use…

Dan Knauss
If you or your clients use Kaswara Modern WPBakery Page Builder (10k+ installations), then you might want to uninstall it when you can. Wordfence is reporting a critical zero-day vulnerability. And if you use Elementor, make sure it's updated. A vulnerability…

WordPress Slack was down for a…

Dan Knauss
WordPress Slack was down for a brief period of time on Tuesday morning. Here's the conversation that emerged about this in Post Status Slack, and a Trac ticket opened by Tor-Bjorn Fjellner. 🎫 What happened? Nothing too exciting — not…

Robert Jacobi reports that SiteLock has…

Dan Knauss
Robert Jacobi reports that SiteLock has been acquired by Sectigo. SiteLock was a well-known security company within the WordPress community, and I recall them having a regular presence at WordCamps and other events.

The official PHP Git server was…

Dan Knauss
The official PHP Git server was attacked this past week. The attack is still under investigation, but actions were quickly taken to protect it, and there is no active security risk. To learn more, you can read Enrico Zimuel's explanation.…

Some high-profile acquisitions to happen recently,…

Dan Knauss
Some high-profile acquisitions to happen recently, first in the hosting space: InMotion Hosting announced its acquisition of RamNode.com, a provider of "affordable and high-performance" unmanaged VPS Hosting. Mike Demo comments on the deal: "InMotion now has an EU data center…

This is a security nightmare: a…

Dan Knauss
This is a security nightmare: a researcher managed to breach over 35 major companies' internal systems (including Microsoft, Apple, PayPal, Shopify, and more) in a software supply chain attack. 😱 The attack comprised uploading malware to open source repositories including…

Gatsby recently chose headless WordPress for…

Dan Knauss
Gatsby recently chose headless WordPress for its blog. Senior Product Marketing Manager Hashim Warren explains why: "WordPress enables us to have unlimited users (without paying a subscription per seat). WordPress also comes with powerful role-based permissions and has free plugins…

WordPress 5.6 Beta 2 is available…

Dan Knauss
WordPress 5.6 Beta 2 is available for testing. WordPress 5.6 is still slated for release on December 8. 📅 In the meantime, you will want to upgrade to WordPress 5.5.2, which was released on Thursday. It features 14 bug fixes…

Sucuri has found some malware that…

Dan Knauss
Sucuri has found some malware that can disable security plugins to avoid detection. 😨 This is really devious! Luke Leal explains: "If a user tries to reactivate one of the disabled security plugins, [the Malware] will momentarily appear to activate…

Call a Vulnerability a Vulnerability Roger…

Dan Knauss
Call a Vulnerability a Vulnerability: Roger Montti, reporting for SEJ, looks at an Authenticated Stored XSS vulnerability in the WPBakery Page Builder plugin. The vulnerability was discovered by Wordfence and fixed through their collaboration with WPBakery in a recent update.…