John Blackbourn highlights a few email-related security improvements going into WordPress 4.9, including a change of email confirmation process.
I’ve read, I think, my favorite WordPress security post ever. I admit, I do get excited when something is teased to me as a trilogy, but Netanel Rubin follows through with flying colors. Now, this post is long. And when you click on it, you’re going to say, “Dang, this post is long.” But read…
WordPress 4.2.2 was released this evening in order to protect against a critical security bug in Genericons. From the release post: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org…
One more security update: Ninja Forms had a pretty nasty bug that allowed arbitrary file uploading. They worked with a security researcher — who tells his tale here — and the WordPress plugin team to get forced-upgrades to all users.
If you’re looking for some good, recent podcasts, you might want to check out this interview with Brad Williams over at Robojuice. It’s an hour-long show focused on security and the question of whether WordPress is secure enough for Microsoft. The latest Mastermind.fm podcast includes Karim Marucchi of Crowd Favorite. Karim always has an interesting story…
WordPress 4.4.2 is out with a security and maintenance release. It should be a no-brainer update for everyone (and is probably updated on most of your sites by now, automatically). It affects all versions of WordPress and updates are out back through 3.7.
A critical security update was recently issued for Duplicator that Wordfence reported as affecting over a million WordPress sites. 🔓 Duplicator users should update to version 1.3.28 as soon as possible.