Plugins

Akismet Featured Image

If you use Akismet to battle comment spam, make sure it’s running version 3.1.5 as it patches a critical security vulnerability. Due to the nature of the bug, the Akismet team pushed out auto updates to sites that can accept them. According to Sucuri, sites using Akismet 3.1.4 and lower (more…)

iThemes Security Brute Force Login Protection Featured Image

If you’ve noticed an influx of brute force attacks on your site, you’re not the only one. Sucuri is reporting that brute force amplification attacks are targeting WordPress sites with XML-RPC enabled. In a nutshell, XML-RPC contains a system.multicall method which allows developers to execute multiple methods and commands inside (more…)

Jetpack 3.7.2 Patches Two Security Vulnerabilities

Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitization that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability. The second is an information disclosure (more…)

WP Super Cache Featured Image

If you use WP Super Cache, you should immediately update to version 1.4.5 as it patches an XSS vulnerability in the settings page. This version also prevents PHP object injections. In addition to security patches, 1.4.5 contains a number of bug fixes. Make sure to update your sites as soon (more…)

New User Registered Dashboard Widget

If you run a WordPress site with user registration enabled and want to see recently registered accounts from the dashboard, check out the New User Dashboard Widget plugin by Swadeshswain. After installing and activating the plugin, a new registered user widget appears on the dashboard. The widget tells you a (more…)

WP Rest API Featured Image

WP REST API version 1.2.3 and 2.0 Beta 4 address a security issue that affects sites running 1.2 or 2.0 beta. This release fixes a potential XSS vulnerability related to JSONP support in 1.2 and 2.0 of the API. Automatic updates are in progress for 1.2.3 but if your site (more…)