On Monday, Mark Jaquith confirmed that WordPress 4.3 will see an overhaul in the way passwords are generated. The changes will encourage WordPress users to strengthen their login credentials, making their websites more secure. A stronger password will also make your website less vulnerable to brute force attacks. The proposed updates focus on the way passwords are chosen, as well as changing some important default settings in the UI. Let’s take a quick look at the four main points coming out of the proposal: WordPress will generate strong passwords by default. You can override this setting and create your own password, […]
This Week In WordPress: 05/11/2015
Have a news tip or upcoming WordPress event you’d like to share? Write us at [email protected]. News Highlights: LoopConf Videos: Couldn’t make it to last week’s LoopConf? Great news, all 21 hours of talks are freely available online! The Trojan Emoji: Speaking of LoopConf, Andrew Nacin gave a fun and in-depth talk titled “Anatomy of a Critical Security Bug” in which he discusses a vulnerability fix that was added under the “guise of Emoji support.” DOM-Based XSS Vulnerability: Sucuri recently published info on a DOM-based Cross-Site Scripting (XSS) vulnerability that could affect any theme or plugin that uses an example.html file, including the Jetpack plugin and WordPress’s TwentyFifteen […]
DOM-Based XSS Vulnerability Impacts Millions of WordPress Users
A WordPress security vulnerability has been discovered which could affect millions of WordPress users. The problem, spotted by security firm Sucuri, has been identified as a DOM-based Cross-Site Scripting (XSS) vulnerability. If you want to learn more about the technical side of the vulnerability, this is a great resource by Acunetix. The vulnerability relates to the genericon package; specifically the example.html file. Any theme or plugin that uses this example.html file is potentially vulnerable—if any of your themes or plugins utilize vector icons, you could be at risk. Worryingly, this is known to include the TwentyFifteen theme which ships with […]
OptinMonster App: A New Multi-platform Direction for the Popular WordPress Plugin
The OptinMonster team has announced big changes to the popular lead generation plugin. Going forward, OptinMonster will be exclusively available as a stand-alone SaaS lead generation software—the OptinMonster App. The changes mean that OptinMonster can now be used by non-WordPress users—Drupal, Joomla, Shopify, and Magento users can all install OptinMonster on their websites. (Of course, WordPress users will still be able to use OptinMonster, too.) Current OptinMonster users should be aware that the existing WordPress plugin will remain fully supported until the end of 2015, when it will be phased out. If you want to migrate over to the OptinMonster app, […]
This Week In WordPress: 05/04/2015
Have a news tip or upcoming WordPress event you’d like to share? Write us at [email protected]. News highlights: Emoji: WordPress 4.2 now supports emoji (even in URLs!). Here’s a clever example used to show the history of copyright in the U.S. The real issue with ThemeForest: Brandon Yanofsky weighs the pros and cons of ThemeForest. There’s lots of great discussion on this topic happening in the comments. 2015 state of open source: Shaun’s write-up of what open source looks like so far in 2015. WordPress memes: Bob Dunn shares a roundup of WordPress memes. Did he miss any good ones? May […]
A WordPress developer on censorship in Turkey
A few weeks back, we tweeted some news about the Turkish government blocking access to 60 million WordPress sites in an effort to block one single blog post written by a professor accusing another professor of plagiarism. Shortly after, we heard from Barış Ünver, a 27-year-old web developer and Tuts+ author living in Ankara, the capital of Turkey.
@TheTorqueMag WordPress is blocked too? Heh, it seems that we set the record today: Facebook, Twitter, WordPress… and even Google. — Baris Unver (EN) (@BarisUnver_EN) April 6, 2015
Torque: You mentioned some trouble you had back in 2010, could you tell us a […]
This Week In WordPress: 04/27/2015
Have a news tip or upcoming WordPress event you’d like to share? Write us at [email protected]. News Highlights: Inside Automattic’s hiring process: How Automattic hires most of its remote employees without a single voice conversation. WP Engine search: WP Engine Labs takes a crack at solving search on WordPress sites. m.website.com: XKCD’s take on mobile optimized sites. First impressions for 4.2: WordPress 4.2 is here. Here are some of our early impressions. WordPress 4.2 stored XSS: Just a couple of days into its release, researchers have discovered an exploit in which WordPress commenters can leave malicious JavaScript to take control of a server. WordPress 4.1.2 security release: A […]
First impressions of WordPress 4.2
Yesterday WordPress version 4.2 launched. Named “Powell” in homage to jazz pianist Bud Powell, version 4.2 focuses on communication, sharing, and simplicity. Although WordPress 4.2 didn’t introduce anything ground-breaking, it was another solid update from the team of contributors behind core. Having now had a little more than 24 hours to test out the new features, today I want to share my thoughts on the main 4.2 changes.
New characters and emojis
WordPress is used internationally, and recent updates have focused on making WordPress more accessible to users of different nationalities. This trend continues with 4.2, which sees the utf-8 database upgraded to […]
WordPress 4.2 “Powell” now available
WordPress 4.2, named after American jazz pianist Bud Powell, is now available for download! This update improves the overall writing experience in WordPress, and includes under-the-hood changes that developers will love: Press This has been completely revamped to maximize speed and ease of content sharing. utf8 has been updated to utf8mb4 to provide out-of-the-box support for a host of new characters, including native Chinese, Japanese, and Korean characters, as well as musical and mathematical symbols, and emojis. You can now browse and preview themes directly in the Customizer. The Plugins screen has been updated for more intuitive updating and installing. You can now seamlessly update your […]
‘Mobilegeddon’ unleashed: Google’s new mobile-friendly algorithm
Mobilegeddon is finally here. That’s right; today, April 21, Google unleashed the biggest algorithm shake-up in several years. The algorithm change specifically targets mobile searches. With an ever-growing number of mobile users, Google has been trying to enhance its mobile-friendliness for months now—something I first touched on in November 2014. Unlike the other major algorithm changes—notably Penguin and Panda—Google has been relatively open about the changes. They announced in February that the mobile-friendly update would be coming, and even provided a set of guidelines and testing tools to ensure your website wouldn’t be impacted too badly. This makes a lot of sense: previous […]