Robert Rowley

WordPress Business Roundup for the Week of November 14

Dan Knauss

November 18, 2022

Tom Willmot on the Challenges and Opportunities Facing Enterprise WordPress • Tom Lach on the costs of rapid growth — It's not for everyone • The Future of GiveWP and the Block Editor • Evolving Edupack — and Sunsetting It • and more...

Naming is hard—but important

Dan Knauss

November 16, 2022

NotesPlanet

This is an important topic that came out of a Post Status Slack #security discussion involving Robert Rowley and John James Jacoby: WordPress Terminology Meta. It continued over at the WPwatercooler.

Post Status Excerpt (No. 68) — On the Road to WordCamp US

Dan Knauss

September 9, 2022

BusinessDesign

In this episode Dan and Ny are tired! — but excited about heading to their first WordCamp of any kind. They talk about the things they're looking forward to seeing and doing at WCUS and in San Diego. Lots of interesting speakers and talks! Contributor day! Karaoke. Food comes up — a lot.

WordPress 6.0.2 Security and Maintenance Release: WordPress.org’s Bug Bounty Program at Work

Dan Knauss

August 31, 2022

NotesPlanet

Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release.

When the Free Rider is Government

Dan Knauss

August 24, 2022

NotesPlanet

Chinmayi Sharma argues our digital infrastructure is built on open source, and it cannot provide adequate security so governments should help out.

Pentesting as Contributing

Dan Knauss

August 8, 2022

NotesPlanet

Robert Rowley at Patchstack explains what I believe is the first-ever reported vulnerability in Gutenberg (the plugin, not in WordPress core) to make the National Vulnerability Database. Robert has opened an issue for discussion in the Gutenberg GitHub repo that…

Nulled Themes and Plugins

Dan Knauss

August 1, 2022

NotesSecurity

My first experiences with "nulled" (or back in the day "cracked") software date back to the golden days of the Atari 8-bit and Commodore Amiga. Blank floppy disks were cheap, and like most kids, I did not have a lot…

Open Secrets: Forced Updates in WordPress

Dan Knauss

July 1, 2022

FeaturesMake WordPress

We've seen forced updates become increasingly common and less controversial over time. But who decides, and how is that decision made? Are there unofficial channels and processes, like a decision tree, for escalating to a forced update?

Zen and the Art of Lockpicking

Talisha Lewallen

May 20, 2022

PlanetPost Status Upgrade

Robert Rowley explains the basics of lock picking in this live, hands-on workshop for Post Status members.

Post Status Notes #494

David Bisset

April 15, 2022

DesignHosting

It's your weekly roundup of news briefs for busy WordPress professionals! This week we have: Core concerns • New Releases • Events, Planning & Inclusion • and some Things we don't see every day...

Don't miss David's fresh podcast picks for the week! 🎙️ As usual, Courtney has the week's news from the people making WordPress at .org. 🏗️

Finding the Upside in WordPress Security

David Bisset

March 24, 2022

PlanetSecurity

What if the way we talk about WordPress security focused on public acknowledgement of the security team members' work, goals, and successes?

Recently a vulnerability affecting WordPress core…

Brian Krogsgard

May 17, 2017

Recently a vulnerability affecting WordPress core and the password reset functionality came to light. Robert Rowley over at Pagely explains: Under three specific conditions the "forgot password?" functionality can be manipulated into sending the URL to reset a WordPress user’s…

Robert Rowley has been monitoring insecure…

Brian Krogsgard

December 16, 2016

Security

Robert Rowley has been monitoring insecure WordPress plugins which exposed PHP objects to potential injection on Pagely servers -- and shares how they addressed the issue. There are several interesting takeaways, but I especially liked his note about communicating with…