WordPress security news and issues.
I had the opportunity recently to talk to Cory Miller, the founder of iThemes. Cory started iThemes in January 2008, so they are currently celebrating their 6th anniversary. Cory is a really thoughtful businessman and leader, and I really enjoyed our chat. If you’d like a good compliment to this interview, also listen to his…
iThemes has hired Chris Wiegman and taken over his very popular plugin, Better WP Security. Better WP Security has over a million downloads on WordPress.org and sells commercial support and installation services on FooPlugins. Better WP Security also has excellent ratings. This is another smart move by iThemes in the utility / safety space, as…
An email spam campaign disguised as being from Yoast is making the rounds. If you get an email from Yoast linking to their latest post, be sure to verify the sender and the link before you click it. According to Joost de Valk, they may not be the only site being targeted.
Brad Williams and Brian Messenlehner are co-founders of WebDevStudios and last week they teamed up with SiteGround to do a security presentation. They offer some scary statistics on security, go over an example hack, cover ways to secure your website, and give some recommended plugins and resources on security. If you’re just starting to learn…
Automattic is acquiring a security firm that has yet to be named or officially announced. The acquisition is said to be Automattic’s largest yet. Matt Mullenweg spoke to TechWeekEurope about security within WordPress and a bit about this acquisition. Well, I’m super curious who it is and how much the deal is worth. But increased…
WordPress 3.6.1 is out as a security release. Three security fixes were made, plus an additional security hardening measure. The security fixes affect all previous versions of WordPress. Check out the release details, and go update your sites.
My apologies for the headline. I couldn’t resist. Yesterday, Jeff at WP Tavern covered yet another new A/B testing service. With dreadful timing, the site was also flagged by Google as malware for some users. As a commenter points out in the follow-up post on WP-ABTesting (the flagged site), it turned out to be flagged…
Philip Arthur Moore is the Premium Theme team lead at Automattic. I’m thrilled to have been able to ask Philip some questions about WordPress.com premium themes, their processes, and working at Automattic. His answers are thorough and very insightful, and I’m thankful for the time he spent on this. You’re the Premium Theme Lead at…
In this article I talk about the current state of the wordpress.org repository backed up by recent statistics, and give advice on keeping plugins and themes secure during development.
Plugins are the new black in WordPress site development, and picking out the perfect plugins for your site can quickly become overwhelming. The WordPress.org plugin repository hosts over 26,000 plugins and the plugin forum contains over 1.3 million posts. Check out this plugin wordcloud – what stands out amongst the rest? With so many plugins…
If you’ve ever wanted a tour through the internals of a WordPress brute force attack, this is the post for you. Tony Perez, of Sucuri, uses an example attack to teach about what happens during such an attack. Tony also gives some practical advice for preventing this sort of attack from happening to you. It…
Lift is a WordPress-powered product, design and consultancy business. I’ve been following Chris Wallace, a Partner at Lift, for a long time. I’ve always known they do a lot of work for television and other interactive media, and this morning I discovered they were nominated for an Emmy for Outstanding Interactive Program. The nomination is…
Checkmarx, a company founded in 2006 that specializes in automated security code reviews has published a security vulnerability report on the top 50 plugins on the WordPress plugin repository. As WP Tavern’s Jeff Chandler summarizes, more than 20% of the 50 most popular WordPress plugins were vulnerable and 7 out of the 10 most popular…
WordPress 3.5.2 has just been released. As this is a maintenance and security release, there is no reason not to update right away. The releases fixes some fringe vulnerabilities and minor bugs.
Jason Cosper writes on the WP Engine blog that people need to stop saying WordPress is not secure, because it is. WordPress Core is rarely cause for security concerns, and hasn’t been for some time. However, due to WordPress’ massive scale of adoption, we all do need to be careful about what else we put…
Tony Perez, of Sucuri, has provided a summary, with explanation for the less security fluent of us, of a vulnerability in both W3 Total Cache and WP Super Cache. Definitely update right away.
End of content
End of content
