Tag: security

  • WPWeekly Episode 163 – Interview With Andrea Middleton of WordCamp Central

    In this episode, Marcus Couch and I are joined by Andrea Middleton, who manages WordCamp Central. She tells us what it means to be a “dot organizer” within Automattic and what her day-to-day duties are in managing WordCamp Central. We discuss whether the WordCamp Guidelines allow for differentiation between WordCamps. Middleton explains the various…

  • Ryan Hellyer’s AWS Nightmare: Leaked Access Keys Result in a $6,000 Bill Overnight

    WordPress developer Ryan Hellyer had always wanted to open source his website. As a strong supporter of open source software and an avid plugin developer, he enjoys sharing his code and learning from others. This desire led him to put his site up on GitHub one evening, not knowing that he would wake to find…

  • iThemes Confirms it Stored Customer Passwords in Clear-Text

    The CEO of iThemes, Cory Miller, published a second update concerning the security breach that occurred on Tuesday. After news of the breach, customers were left wondering whether or not their passwords were stored in clear-text. The latest update confirms that passwords were in fact stored in clear-text and affected approximately 60,000 customers. There is…

  • iThemes Suffers Security Breach, Customers Urged To Reset Passwords

    iThemes published details on a security breach that took place earlier today. According to the announcement, after noticing suspicious activity, they noticed a significant attack on their membership database. iThemes urges all customers to reset their passwords immediately. To protect accounts from any unauthorized access, iThemes has temporarily reset all user passwords. To regain access…

  • iThemes Security Now Has Brute Force Login Protection

    iThemes announced Brute Force Login Protection has been added to the latest version of iThemes Security. The new feature enables users to protect their sites either locally or by activating a network-wide setting. Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally.…

  • Founder Of ManageWP Publishes Open Letter on Security to The WordPress Community

    The founder of ManageWP, Vladimir Prelovac, has published an open letter addressed to the WordPress community on the topic of security. In the letter, he cites the third-party ecosystem surrounding WordPress as not only its biggest strength, but also its biggest weakness. He suggests a three-point plan to help mitigate security issues in themes and…

  • WPWeekly Episode 161 – The CTO Of CrowdFavorite, Chris Lema

    Marcus Couch and I are joined by CrowdFavorite CTO Chris Lema. We talk about his new position and what the joint-venture partnership means for both CrowdFavorite and iThemes. Lema explains what the word enterprise means for WordPress products and, near the end of the show, gives us his prediction on what will happen in the…

  • WPWeekly Episode 160 – The Founder Of BruteProtect, Sam Hotchkiss

    In this week's show, Marcus Couch and I are joined by the founder of BruteProtect, Sam Hotchkiss. We learn the circumstances which led to the birth of BruteProtect and how it operates. Hotchkiss explains the details of the acquisition with Automattic and how it will be rolled into Jetpack. While some people are not happy…

  • WPWeekly Episode 157 – Jeffro Tells His Story

    The past 156 episodes of WordPress Weekly are filled with stories of people who are doing exciting things with WordPress. For this episode, I decided to try something a little different. I handed the show over to Marcus Couch, who interviewed me. In the show, I describe how I became interested in computers and the…

  • WordPress 3.9.2 Fixes Security Vulnerabilities, Users Strongly Encouraged To Update

    WordPress users are strongly encouraged to update their sites to 3.9.2 as it’s a security-focused release. According to the announcement, 3.9.2 fixes a possible denial of service issue in PHP’s XML processing. The bug was first reported by Nir Goldshlager of the Salesforce.com Product Security Team and was fixed by Michael Adams and Andrew…

  • Serious Bug Discovered In The All In One WordPress Security and Firewall Plugin

    Pippin Williamson, creator of the AffiliateWP plugin, has discovered a serious bug within the All In One WordPress Security and Firewall plugin. According to a forum thread created by Williamson, All In One WordPress Security and Firewall automatically detects option ids with fwp as malicious and deletes them. Known WP Pharma Hack Entry: fwp and…

  • WordPress JSON REST API Plugin 1.1.1 Security Release: Update Recommended

    The JSON REST API plugin for WordPress released a security update over the weekend. Version 1.1.1 includes a fix for a vulnerability wherein the JSONP support built into the API could be used to serve up arbitrary Flash SWF files. This technique has been known to be used in the past to abuse JSON endpoints…

  • Critical Security Update For WPTouch, Users Should Update Immediately

    First reported by Sucuri, the WPTouch plugin has a dangerous security vulnerability and users are encouraged to update immediately. WPTouch is used to quickly add mobile support to websites and has over 5 million downloads, making it one of the most popular plugins in the WordPress plugin directory. According to Sucuri, WPTouch incorrectly uses…