Tom Willmot on the Challenges and OpportunitiesΒ Facing Enterprise WordPress β’ Tom Lach on the costs of rapid growth β It’s not for everyone β’ The Future of GiveWP and the Block Editor β’ Evolving Edupack β and Sunsetting It β’ and more…
This is an important topic that came out of a Post Status Slack #security discussion involving Robert Rowley and John James Jacoby: WordPress Terminology Meta. It continued over at the WPwatercooler.
In this episode Dan and Ny are tired! β but excited about heading to their first WordCamp of any kind. They talk about the things they’re looking forward to seeing and doing at WCUS and in San Diego. Lots of interesting speakers and talks! Contributor day! Karaoke. Food comes up β a lot.
Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release.
Chinmayi Sharma argues our digital infrastructure is built on open source, and it cannot provide adequate security so governments should help out.
Robert Rowley at Patchstack explains what I believe is the first-ever reported vulnerability in Gutenberg (the plugin, not in WordPress core) to make the National Vulnerability Database. Robert has opened an issue for discussion in the Gutenberg GitHub repo that has a good quick summary of the vulnerability. It appears to be only a theoretical…
My first experiences with “nulled” (or back in the day “cracked”) software date back to the golden days of the Atari 8-bit and Commodore Amiga. Blank floppy disks were cheap, and like most kids, I did not have a lot of money or even at times access to legitimate software distributors. Naturally, the way we…
We’ve seen forced updates become increasingly common and less controversial over time. But who decides, and how is that decision made? Are there unofficial channels and processes, like a decision tree, for escalating to a forced update?
Robert Rowley explains the basics of lock picking in this live, hands-on workshop for Post Status members.
It’s your weekly roundup of news briefs for busy WordPress professionals! This week we have: Core concerns β’ New Releases β’ Events, Planning & Inclusion β’ and some Things we don’t see every day…
Don’t miss David‘s fresh podcast picks for the week! ποΈ As usual, Courtney has the week’s news from the people making WordPress at .org. ποΈ
What if the way we talk about WordPress security focused on public acknowledgement of the security team members’ work, goals, and successes?
Recently a vulnerability affecting WordPress core and the password reset functionality came to light. Robert Rowley over at Pagely explains: Under three specific conditions the “forgot password?” functionality can be manipulated into sending the URL to reset a WordPress userβs password to an email address controlled by a malicious party. Robert outlines what conditions need…
Robert Rowley has been monitoring insecure WordPress plugins which exposed PHP objects to potential injection on Pagely servers — and shares how they addressed the issue. There are several interesting takeaways, but I especially liked his note about communicating with plugin authors: Plugin security reporting works, when all parties treat each other respectfully and talk…
End of content
End of content
