Last month a vulnerability was discovered in the Fancybox for WordPress plugin, making it possible for a hacker to inject an iframe into the website without needing administrator access. Although the issue was promptly patched, a string of seemingly random WordPress websites were recently compromised using this vulnerability. Hackers claiming to be acting on behalf…
Ultimate Member is the newest plugin to join the ranks of WordPress membership solutions after seven months in development. One month after landing in the WordPress.org directory, the plugin is already active on more than 2,000 WordPress sites and has received a 5-star rating from 73/75 reviewers. The WordPress ecosystem is flush with both free…
Last week a blind SQL injection vulnerability was discovered in Yoast’s popular WordPress SEO plugin. Given the severity of the vulnerability and the fact that the plugin is installed on more than one million WordPress sites, the security team at WordPress.org pushed a forced update to mitigate the possibility of mass exploitation. Following this incident,…
The BuddyPress Live Notification plugin was originally released in 2011. Brajesh Singh, prolific plugin author and founder of BuddyDev, created the plugin to provide Facebook-style real-time notifications for users. Over the past four years, a number of significant changes in both WordPress and BuddyPress have necessitated a complete rewrite of the extension. The 2.0 version…
When a critical security vulnerability was discovered in Yoast’s SEO plugin this week, WordPress.org took the initiative to automatically update users’ sites with the patched version of the plugin. Many users were taken by surprise, given that the WordPress codex clearly stated that automatic plugin and theme updates are disabled by default. Shortly after the…
WordPress 4.2 beta 1 is now available for early testers to download. It’s “pencils down” time for core contributors as far as new feature requests are concerned. This is the point in the release cycle where contributors are focusing their efforts on bug fixes and inline documentation. Drew Jaynes, the 4.2 release lead, posted the…
In this episode of WordPress Weekly, Marcus Couch and I discuss a lot of different stories. We share our opinions on the redesigned theme and plugin directories. We discuss CodeGuard’s survey results that indicate WordPress users need a lot more education on backup plugins, strategies, and services. Last but not least, we discuss the WordPress…
This post was contributed by guest author Peter Suhm. Peter is a web developer from the Land of the Danes. He is the creator of WP Pusher and a huge travel addict, bringing his work along with him as he goes. About two months ago, I released my first commercial WordPress product, WP Pusher,…
Easy Digital Downloads 2.3 is available for download and includes new features along with performance improvements. One of the highlights is the new customer management interface. The improved interface lets you quickly browse customer data in an intuitive fashion. There’s also some new API’s that allow developers to interact with customer data behind the scenes.…
The WordPress Foundation website is sporting a fresh coat of paint, based on the Twenty Fifteen default theme released with WordPress 4.1 last December. The foundation exists to further the mission of the open source project, most importantly by ensuring free access to the software for years to come. It also serves to protect the…
Akismet 3.1 is available for download and contains a bug fix that prevents it from inadvertently modifying a comment’s content during the spam filtering process. In addition to the bug fix, calls made to the Akismet API are now encrypted via SSL. While it may not seem like much on the surface, encrypting communications between…
A blind SQL injection vulnerability was discovered today in the popular WordPress SEO plugin by Yoast. WPScanVulnerability Database issued an advisory after responsibly disclosing the vulnerability to the plugin’s author: The latest version at the time of writing (1.7.3.3) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL…
Finding and linking to previously published content on your site is a daily necessity for bloggers and content managers. Usually, you have to search the frontend of your site or search posts/pages in the admin to track down the content you’re trying to link. Mentionable is a handy tool, created by the folks at XWP,…
Delicious Brains, the creators of WP Migrate DB, published a guide that walks developers through the WordPress database. The guide describes every database table and there associated columns within WordPress single site. It also features an entity relationship diagram that explains the relationships between the various tables. Although the image was created for WordPress 3.8,…
CodeGuard, a service that specializes in automated backups to the cloud, has published the results of its 2015 WordPress survey. The survey took place between February 18th-20th and was answered by 503 WordPress users. Backing up is an important part of maintaining a website, so it’s a bit shocking to see such high percentages of…
Enter your email address to subscribe to this blog and receive notifications of new posts by email.