security

WordPress Weekly Featured Image

In this episode, John James Jacoby and I are joined by Jack Lenox, Software Engineer at Automattic, to discuss his new project, SustyWP. Lenox explains how he built the site so that it only has 7KB of data transfer, what sustainability on the web means to him, and the relationship (more…)

WordPress 4.9.5 Squashes 25 Bugs

WordPress 4.9.5 is available for download and is a maintenance and security release. WordPress 4.9.4 and earlier versions are affected by three security issues. The following security hardening changes are in 4.9.5. Localhost is no longer treated as the same host by default. Safe redirects are used when redirecting the (more…)

Let's Encrypt Wildcard Certificates Are Now Available

In July of last year, Let's Encrypt announced that it would begin issuing Wildcard certificates for free in January of 2018. Although a little late, the organization has announced that Wildcard certificate support is now live. In addition to these certificates, the organization has updated its ACME protocol to version (more…)

WordPress 4.9.2 Patches XSS Vulnerability

WordPress 4.9.2 has been released and patches a cross-site scripting vulnerability in the Flash fallback files in the MediaElement library. According to Ian Dunn, the Flash files are rarely needed and have been removed from WordPress. If you need access to the Flash fallback files, they can be obtained using (more…)

Jetpack 5.6.1 Increases Security of the Contact Form Module

Jetpack has released version 5.6.1, which hardens the Contact Form module by improving permissions checking when updating a form's settings. In addition to security fixes, the character count for when Publicize publishes content to Twitter has been increased to 280. This release also fixes a bug that disabled the ability (more…)

WordPress 4.9.1 Released, Fixes Page Template Bug

WordPress 4.9.1 is available for download and is a maintenance and security release. This release addresses four security issues in WordPress 4.9 and below that could potentially be used as part of a multi-vector attack. According to the release notes, the following changes have been made to WordPress to protect (more…)

WordPress 4.8.3, A Security Release Six Weeks in the Making

WordPress 4.8.3 is available and is a security release for 4.8.2 and all previous versions. This release addresses an issue with $wpdb->prepare() that could lead to a potential SQL injection. While WordPress core is not vulnerable, hardening has been added to prevent plugins and themes from inadvertently causing a vulnerability. (more…)