Week in review: Themeforest changes, Jetpack 3.1, Polar Polls, Yoast and Sucuri partner
| | | |

Week in review: Themeforest changes, Jetpack 3.1, Polar Polls, Yoast and Sucuri partner

Welcome to the sixth “Week in Review” on Post Status, where I hope to offer up some of the things you may have missed in the last week or so. Unfortunately, I haven’t posted since the last week in review. Trust me, that’ll change this week. There are already a lot of posts lined up for…

An introduction to setting up SSH keys for server management
| |

An introduction to setting up SSH keys for server management

Utilizing SSH keys in conjunction with the servers you connect to is a great and highly recommended security practice. SSH stands for “Secure Shell” and enabling SSH for a server creates a secure channel between you (via the command line) and your server. SSH keys help the server validate and authenticate who you are. SSH…

| | |

Week in review: Beta 2, refinement, transparency, Do Action, apps, and more

Welcome to the fourth “Week in Review” on Post Status, where I hope to offer up some of the things you may have missed in the last week or so. There are a lot of great reads to catch up on this week: WordPress Beta 2 is ready for testing Self explanatory but important — WordPress…

All Pods 2.x versions need updating due to significant security vulnerability
| |

All Pods 2.x versions need updating due to significant security vulnerability

Scott Kingsley Clark notified me this morning that a security update has been released for all versions of Pods 2.0 and later. Pods allows for the creation or extension of WordPress content types. Any website that uses the feature to extend WordPress’ default Users with Pods are vulnerable to this bug. Here’s how Scott describes…

Fear mongering journalist pointlessly blasts WordPress
|

Fear mongering journalist pointlessly blasts WordPress

I encountered an article today that made my blood boil. Phillip Thomson wrote about the cost of three websites for the Australian Minister of Foreign Affairs for the Sydney Morning Herald. The article blasts Julie Bishop and her department for spending $113,000 on upgrades and maintenance for three websites. I have no opinion on Australian…

Pagely has new plans, a new dashboard, and a new Amazon Web Services infrastructure
| |

Pagely has new plans, a new dashboard, and a new Amazon Web Services infrastructure

Pagely has made some drastic changes to their hosting platform over the last few months. They’ve moved from Firehost to being fully powered by Amazon Web Services (AWS), led by their new CTO, Joshua Eichorn. Measuring tiers of hosting by pageviews is a popular method for WordPress hosting companies, but Pagely doesn’t do that. They…

WooThemes is investigating alleged website vulnerabilities
| | |

WooThemes is investigating alleged website vulnerabilities

Some WooThemes customers are alleging that their credit cards suffered from fraudulent charges after purchasing items from WooThemes’ website. The point of vulnerability is unknown at this time. The number of affected customers is unknown. The following is what we know: Just after 3:00 p.m. central time Wednesday, May 7th, WooThemes publicly tweeted struggles with their…

| |

Keys to building a successful remote workforce

Stack Overflow co-founder Jeff Atwood writes why companies are not hiring the best and the brightest employees. While the title says the article is about hiring, it’s really about working. His points boil down to a promotion for distributed workforces. He even highlights Automattic, though he incorrectly refers to them as WordPress. One point I…

| |

WordPress 3.8.3 fixes a bug with “Quick Draft”

Last week’s 3.8.2 security release introduced a bug where drafts written with the Quick Draft tool in the dashboard were not saved. That bug is fixed with today’s 3.8.3 release. What’s really interesting about this release is that not only is the bug fixed, but discarded draft posts will be restored, if possible. It’s possible that the quick…

Severe Jetpack vulnerability disclosed, some sites being updated automatically
|

Severe Jetpack vulnerability disclosed, some sites being updated automatically

A severe Jetpack vulnerability has been disclosed and patched in Jetpack. The bug allows attackers to publish posts, and has existed since 2012. The Jetpack blog post states the following: During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined…

| |

WordPress 3.8.2, 3.7.2, and 3.9 Release Candidate 1 have been released

All of your websites are ready for updates. There is a security and maintenance release ready for WordPress 3.8.2 and WordPress 3.7.2. It’s being released for both 3.7 and 3.8 due to the auto-updating feature released in WordPress 3.7. One of the items updated was to address the processing of pingbacks. The fix is identical…

Akismet releases update to address pingback vulnerability reports

Akismet releases update to address pingback vulnerability reports

Akismet, the popular WordPress spam prevention plugin by Automattic, has released an update with a number of fixes, including two to address recent reports of DDOS risks in WordPress related to pingbacks. The post describes the two points that address the pingback issues: “Include X-Pingback-Forwarded-For header in outbound WordPress pingback verifications.” “Add a pre-check for…

Clef offering password-less integrations for WordPress plugins that enable user registration

Clef is a password-less login solution that utilizes a phone app and WordPress plugin for more secure logins. You can get more specific information about two-factor authentication (which is different than this, but along similar lines) on my post where I experimented with two-factor authentication on WordPress.com. Clef has now partnered with WPMU DEV to…

|

Why we don’t use a CDN: A story about SPDY and SSL

A great post from Zack Tollman at The Theme Foundry on why defaulting to what most consider best practices can sometimes be detrimental to performance. Using a CDN (content delivery network) for the new site was a forgone conclusion, as we assumed it would help us speed things up. But, after testing with a few…

End of content

End of content