Doc’s WordPress News Drop is a weekly report on the most pressing WordPress news. When the news drops, I will pick it up and deliver it right to you.
This week Doc talks about how WordPress version 4.9.3 breaks the auto-update feature and how 4.9.4 fixes it.
Doc also covers the recent Browsealoud plugin hack, which used a supply chain attack to take advantage of site visitor traffic for cryptomining purposes.
WordCamp Europe is looking for volunteers.
Don’t forget to nominate your favorite plugins for our Plugin Madness competition.
Love WordPress News, but hate reading? My name is Doc and this is Doc Pop’s News Drop.
If you watched last week’s News Drop then you may have noticed that as I was talking about WordPress version 4.9.3, an even newer version of WordPress came out. So I had to awkwardly add a note about the new version as I was editing the video. WordPress 4.9.4 only fixed one bug, so why was it so important that it was released within 24 hours of the previous update?
While WordPress 4.9.3 fixed 34 bugs, it ended up breaking the automatic update feature that many sites rely on to keep on the current WordPress version.
I’m a big fan of this auto-update feature and highly recommend most people leave it on. This feature only updates minor versions of WordPress by default, so if you had the feature on, it would have auto-updated from 4.9.2 to 4.9.3 last week, but that’s the version that broke auto-updates. Because of that, many users will need to go in and manually update to version 4.9.4 to restore the auto-update functionality. Luckily, most WordPress sites may not be affected. If you are on managed WordPress hosting, for instance, there’s a good chance that your host would have manually updated your site to 4.9.4 for you.
If you aren’t sure if you were affected, I’d recommend simply opening your WP Dashboard and confirming you are on 4.9.4 or higher.
Speaking of updates, WordCamp Europe is looking for volunteers.
This year’s WordCamp Europe will be hosted in Belgrade, Serbia, on June 14th through the 16th. Last year’s event had 1,900 attendees, which is even more than WordCamp US, so it’s safe to say this is going to be the largest WordPress meetup in the world. In a recent post, the organizers put out a call for photographers to volunteer to document the event. If you are interested, you can go to 2018.europe.wordcamp.org for more info.
Our website, Torque Magazine, is actually a media partner for this event, so I’m hoping to visit Belgrade myself and share as many video interviews as I possibly can. I shot 8 interviews at WordCamp US last year.
In security news, cryptomining attacks are on the rise. On Sunday, researchers discovered that Browsealoud, a popular accessibility plugin, was compromised in a supply chain attack. When installed, Browsealoud could read or translate text on your site out loud for site visitors, but the site relied on a Content Delivery System to do all the processing so your site didn’t have to. When visitors came to an affected site, the malware would use that visitor’s CPU to mine for cryptocurrency.
Luckily, the only effects would have been a slower computer and a higher energy bill, but apparently the hack could have been much worse. For example, it could have been collecting highly sensitive personal information.
Over 4,000 sites were affected by this hack, including the UK National Healthcare service and several Australian Provincial Government websites. Once a CDN host is compromised in a supply chain attack, sites reliant on that host, like the Browsealoud plugin, would have been affected immediately, but in this particular case the malware was detected and fixed within 4 hours of being compromised.
And just a final reminder that Plugin Madness is just around the corner. Voting starts on March 5th, but if you haven’t yet, please be sure to visit PluginMadness.com and nominate your favorite WordPress plugins.
That’s it for this week’s News Drop. As always, I wanted to say thanks to all of you who have liked and subscribed to our videos. It’s great to see those numbers on the rise.
You can get more WordPress news from our website, Torquemag.io and stay tuned next week for more WordPress news.