Security

What we learned today

Brian Krogsgard

April 21, 2015

In my blog post about today's coordinated plugin update, I discussed the logistics of many of the top WordPress plugins working together to put out an update to fix the misuse of add_query_arg() and remove_query_arg(). Throughout the day, I've tracked other…

Coordinated plugin updates to address security vulnerability in many popular WordPress plugins

Brian Krogsgard

April 20, 2015

PlanetSecurity

A coordinated plugin update occurred this morning between many popular WordPress plugins to address a common security vulnerability that allows for XSS cross-site scripting attacks.

WordPress REST API security update, due to exposed revisions and draft posts

Brian Krogsgard

April 9, 2015

Security

From the Make WordPress Core blog: This release fixes a serious information disclosure vulnerability, which allowed for unpublished content and post revisions to be retrieved via the REST API. and This release was coordinated by the REST API team and…

Andrew Nacin has joined the White House’s U.S. Digital Service

Brian Krogsgard

March 29, 2015

Make WordPressPlanet

Andrew Nacin now works at the U.S. Digital Service, the federal government service that aims to "redefine public service for a new generation." Nacin continues his role as WordPress lead developer, but is stepping back from working on the project full time.

WordPress News with Brian Richards

Brian Krogsgard

March 23, 2015

DraftPlanet

Brian Richards and I cover the week in WordPress news with a new short format (15 minute) podcast. The Excerpt is part of the Draft podcast, and will be balanced by long form interviews.

Understanding WordPress security vulnerabilities

Brian Krogsgard

March 17, 2015

Security

Daniel Cid has a good post on Sucuri that describes how they look at WordPress plugin vulnerabilities. Contrary to popular belief, just because you hear “SQL Injection”, it doesn’t mean someone can actually hack your site. The real problem comes…

Yoast SEO vulnerability, disclosure, and forced upgrade

Brian Krogsgard

March 11, 2015

Security

Yoast released a new version of the WordPress SEO plugin in the last 24 hours, which fixes a blind SQL injection vulnerability. According to a post mortem by Joost de Valk, the bug wasn't caught in security audits, but was…

WordPress security whitepaper

Brian Krogsgard

March 5, 2015

Security

The WordPress.org website now includes a WordPress security whitepaper, donated by WordPress.com VIP. It's sparse in its current form, but it's a great start. Why does this matter? Well, a whitepaper from the official project is a great tool for…

The most popular WordPress plugins

Brian Krogsgard

February 27, 2015

BusinessPlanet

WordPress plugin popularity has always been pretty tough to figure out. We only had download counts or independent, third party website scrapers to tell us anything. Now, WordPress.org itself has more data that's being tested and launched to give us real insight into the popularity of WordPress plugins.

It’s time to ditch download counts on WordPress.org and get real stats

Brian Krogsgard

February 25, 2015

Security

I'm grumpy today. Clickbait journalism annoys me, and WordPress security related clickbait journalism especially annoys me. Ars Technica, PC World, ZD Net, and TripWire are just a few sites that reported over a million WordPress sites were susceptible to being hacked…

Wikimedia, Automattic, and others file amicus in Twitter privacy case

Brian Krogsgard

February 18, 2015

Security

Automattic joined Wikimedia, Medium, and other organizations in filing an amicus brief regarding Twitter's National Security Letters lawsuit against the US government. https://twitter.com/Wikimedia/status/567857616006676480 This is all a bit confusing, but the brief opens in this way: We are small Internet companies…

Licensing matters

Brian Krogsgard

January 28, 2015

Security

There's a popular WordPress vulnerability scanner called WPScan. To validate its popularity: it has over 1,800 commits, 750 stars, and 165 forks on Github. The scanner is used by a lot of security folks, as well as other service and…

WordPress 4.1, “Dinah”

Brian Krogsgard

December 18, 2014

Make WordPressPlanet

WordPress 4.1, "Dinah", has just been released. WordPress 4.1 is the result of months of work and includes a number of excellent new features. WordPress 4.1 was led by John Blackbourn, who did an outstanding job. Two hundred and eighty three…

The anatomy of a security breach, and how to do good in a bad situation

Brian Krogsgard

September 25, 2014

BusinessPlanet

On Tuesday, iThemes posted an announcement that they had suffered from a security breach of their website and servers. The attackers had reached the servers which stored customer information, including email addresses, IP addresses, full names, and yes, passwords. iThemes…

Week in review: theme shops, hub and spoke, you can’t afford me, and much more

Brian Krogsgard

August 11, 2014

PlanetSecurity

Welcome to the seventh “Week in Review” on Post Status, where I hope to offer up some of the things you may have missed in the last week or so. A whole bunch of good stuff to read from the last…

WordPress and Drupal teams collaborate for simultaneous security releases

Brian Krogsgard

August 6, 2014

Make WordPressPlanet

WordPress and Drupal are both releasing security updates today that affect all supported versions of the two popular CMS platforms. Nir Goldshlager, a security researcher and part of the Salesforce.com Product Security Team, discovered a PHP-level vulnerability that could result…

What we learned today

Coordinated plugin updates to address security vulnerability in many popular WordPress plugins

WordPress REST API security update, due to exposed revisions and draft posts

Andrew Nacin has joined the White House’s U.S. Digital Service

WordPress News with Brian Richards

Understanding WordPress security vulnerabilities

Yoast SEO vulnerability, disclosure, and forced upgrade

WordPress security whitepaper

The most popular WordPress plugins

It’s time to ditch download counts on WordPress.org and get real stats

Wikimedia, Automattic, and others file amicus in Twitter privacy case

Licensing matters

WordPress 4.1, “Dinah”

The anatomy of a security breach, and how to do good in a bad situation

Week in review: theme shops, hub and spoke, you can’t afford me, and much more

WordPress and Drupal teams collaborate for simultaneous security releases

Post Status

Opportunities

Partner Directory

Resources

The Community for WordPress Professionals

Post Status

Opportunities

Partner Directory

Resources