Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitation that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability. The second is an information disclosure vulnerability present in certain hosting…
Last week, I shared the lessons I learned and the drawbacks to moderating comments in WordPress. In this post, I highlight six plugins that solve a problem I encountered or enhance comments for both readers and site administrators. All of the plugins are free of charge and available from the WordPress plugin directory. Problem Solvers…
If you use WP Super Cache, you should immediately update to version 1.4.5 as it patches a XSS vulnerability in the settings page. This version also prevents PHP object injections. In addition to security patches, 1.4.5 contains a number of bug fixes. Make sure to update your sites as soon as possible to patch the…
One of the key features in WordPress 4.3 is that comments on pages are disabled by default. If you only enable comments for posts, you may be interested in WP Comment Humility, a new plugin created by John James Jacoby that moves the top-level Comments menu item to the Posts menu. The following screenshot better…
Jetpack 3.7 is available and includes a simpler user interface, support for development sites, and fixes several issues with a variety of modules. The new interface separates some of Jetpack’s functionality into categories such as, performance and security, traffic growth, and WordPress.com tools. The most commonly used modules are listed first with a link underneath…
Moderating replies to comments in the backend of WordPress is tough. For example, WordPress 4.3 displays the reply and who it’s in response too, but doesn’t show the text of the parent comment. You can’t see the parent comment unless you open the author link in a new browser tab. This is not an optimal…
Customers who purchased WPML, a multilingual plugin for WordPress, are receiving a suspicious email that looks similar to a phishing attempt. Matt Radford, a customer of WPML, kindly sent the Tavern a copy of the email. Dear Matt, We want to make sure that your WPML account remains secure. For this, we are updating all…
If you run a WordPress site with user registration enabled and want to see recently registered accounts from the dashboard, check out the New User Dashboard Widget plugin by Swadeshswain. After installing and activating the plugin, a new registered user widget appears on the dashboard. The widget tells you a user’s registration date, name, and…
Stream 3 is available for download and includes some significant improvements. Stream is a WordPress plugin that tracks changes to a site similar to an audit trail. When version two was released nearly a year ago, it morphed from a plugin to a service. Activity logs were stored in the cloud which lessened the amount…
WP REST API version 1.2.3 and 2.0 Beta 4 address a security issue that affects sites running 1.2 or 2.0 beta. This release fixes a potential XSS vulnerability related to JSONP support in 1.2 and 2.0 of the API. Automatic updates are in progress for 1.2.3 but if your site hasn’t automatically updated, the team…
The WordPress project achieved a milestone earlier today as the official WordPress plugin directory surpassed one billion total downloads. According to Scott Reilly who helps maintain WordPress.org, we’ll never know which plugin generated the one billionth download. That’s because WordPress.org doesn’t log information that matches downloads to plugins. “A download counter exists for each plugin…
The team behind Postmatic is aiming to breathe new life into WordPress native comments with the 1.0 release of Epoch today. The plugin was created to provide a Disqus alternative with faster loading and submitting for comments. Epoch’s creators set an ambitious goal for themselves on the plugin’s description page: The goal: To provide a…
Generating Slack team invitations can become rather tedious when you’re managing a large group of people – particularly when the team is open to almost anyone. In the case of a company or organization, a Slack admin can use the feature that permits anyone with an email from a specified domain to be accepted on…
Three years ago, FooPlugins built FooLicensing, a digital license key management tool that enabled them to manage customers of their EDD-powered commercial plugins store. Although EDD already offered a license creation and management extension, FooPlugins required more features than it had at that time and opted to build their own. As of today, FooLicensing is…
In June of 2010, WordPress 3.0 Thelonious was released with the historic merge of WordPress MU into core and the debut of the brand new Twenty Ten default theme. This pivotal release also gave developers the ability to register their own custom post types. Expanding WordPress’ custom content capabilities beyond simple posts and pages has…