Tag: sucuri

  • GoDaddy Acquires Sucuri

    GoDaddy has announced that it has entered into an agreement to acquire Sucuri Security. Sucuri, founded by Daniel Cid and co-founded by Tony Perez in 2010, is a website security platform that helps clean and protect websites. Details of the deal were not disclosed. Like ManageWP, Sucuri will operate as a separate entity under the…

  • WordPress REST API Vulnerability Exploits Continue

    It has been nearly two weeks since the WordPress security team disclosed an unauthenticated privilege escalation vulnerability in a REST API endpoint in 4.7 and 4.7.1. The vulnerability was patched silently and disclosure was delayed for a week to give WordPress site owners a head start on updating to 4.7.2. Last week hundreds of thousands…

  • WPWeekly Episode 256 – Interview With Tony Perez, CEO and Co-Founder of Sucuri

    In this episode of WordPress Weekly, Marcus Couch and I are joined by Tony Perez, co-founder and CEO of Sucuri. It’s easy to tell from this episode that Perez is extremely passionate about web security. We discussed a wide range of topics related to security, including trends involving WordPress, the FUD factor, messaging surrounding HTTPS,…

  • Sucuri Partners with Let’s Encrypt to Offer Free SSL Certificates to All Customers

    Sucuri, a website security company that specializes in securing WordPress (and other CMS) sites, announced that SSL certificates are now available at no cost to all customers who make use of the company’s firewall. As a sponsor of the Let’s Encrypt initiative, Sucuri joins Automattic as one of the first companies to fully automate free…

  • Custom Content Type Manager Plugin Update Creates a Security Nightmare

    Over the years, we’ve told users that the WordPress plugin directory is the safest place to download and install plugins from. This is due in large part to the dedication of volunteers who act as gatekeepers and review plugins before they’re added to the directory. Plugin updates, however, don’t receive the same scrutiny as there’s…

  • Akismet 3.1.5 Fixes Critical XSS Security Vulnerability

    If you use Akismet to battle comment spam, make sure it’s running version 3.1.5 as it patches a critical security vulnerability. Due to the nature of the bug, the Akismet team pushed out auto updates to sites that can accept them. According to Sucuri, sites using Akismet 3.1.4 and lower and that have the Convert…

  • Sucuri is Building a Comprehensive Alternative to CloudFlare

    Sucuri launched a new free performance tool today. The Global Website Performance Tester allows anyone to enter a URL and get a quick assessment of how fast the website is loading from 13 globally distributed testing stations. Results include three key metrics: connection time, time to first byte (TTFB) and total load time. At the…

  • High Risk Security Vulnerability Discovered in WP Slimstat, Update Immediately

    If you use WP Slimstat, you’ll want to make sure you’re using version 3.9.6 or later as Sucuri has discovered a severe SQL injection vulnerability in versions 3.9.5 and lower. WP Slimstat is an analytics plugin for WordPress that provides real-time monitoring, heatmaps, and other features to monitor website data. According to Sucuri, the vulnerability…

  • InfiniteWP Client Plugin Releases Security Update

    If you use the InfiniteWP Client plugin, log into your sites and check for updates. According to Sucuri, versions under 1.3.8 are susceptible to a privilege escalation attack as well as a potential Object Injection Vulnerability. InfiniteWP Client is used to communicate with the InfiniteWP service to manage WordPress sites remotely. A malicious individual…

  • Joseph Herbrandson on The Most Common Attacks Facing Today’s Websites

    Joseph Herbrandson of Sucuri published an excellent article listing the most common attacks today’s websites are facing. Herbrandson does a good job of explaining the attacks without inundating the reader with technical jargon. He also links to WordPress items that are relevant to each type of attack. I’ve spoken to Herbrandson at a few different…

  • Security Vulnerability Discovered and Patched in WP eCommerce

    If you use WP eCommerce, you’ll want to update as soon as possible to fix a security vulnerability discovered by Sucuri. According to the announcement, the vulnerability could be used by a malicious user to easily get access and modify private information on a site. Any website using WP eCommerce 3.8.14.3 or lower is at…

  • Critical Security Update For WPTouch, Users Should Update Immediately

    First reported by Sucuri, the WPTouch plugin has a dangerous security vulnerability and users are encouraged to update immediately. WPTouch is used to quickly add mobile support to websites and has over 5 million downloads, making it one of the most popular plugins in the WordPress plugin directory. According to Sucuri, WPTouch incorrectly uses…

  • WordPress Plugin All In One SEO Releases Important Security Update

    The popular All In One SEO Plugin for WordPress has released an update addressing two security issues discovered by Sucuri during a security audit. According to Sucuri, one of the vulnerabilities can be used to escalate privileges while the other deals with Cross Site Scripting attacks. A logged-in user who doesn’t have administrative capabilities is…