Wordpress expert.
2027 stories

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

1 Share
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website.

Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation rules.

Technical Details

The vulnerability originated from the remains of a development environment on version 6.4 nearly 4 months ago, where a file was renamed to test certain features.

Continue reading Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites at Sucuri Blog.

Read the whole story
1410 days ago
Rutland, VT
Share this story

Helen Hou-Sandi Announced as Core Tech Lead for WordPress 5.6 All-Women Release Squad

1 Share

Helen Hou-Sandi speaking at WordCamp Europe

Aiming to increase the number of women involved in leading and regularly contributing to WordPress releases, earlier this year WordPress Executive Director Josepha Haden shared an official stretch goal of an all-women release squad. A May update on the 2020 release squads confirmed the realization of that goal for the WordPress 5.6 release.

With WordPress 5.5 released, the WordPress 5.6 planning announcement officially introduced the women leading the release, including 10up’s own Director of Open Source Initiatives Helen Hou-Sandì who will serve as Core Tech Lead.

“I’m very excited to take part in this latest effort to be actively inclusive of different groups of contributors. In this case, the focus is on women, who have historically been underrepresented both in WordPress Core and in open-source software at large. Deliberately spotlighting a specific group gives those who may otherwise be reticent a chance to step up and also serves to inspire others who previously might not have pictured themselves in these roles. It’s incredibly gratifying and inspiring, even as a long-time lead developer, to not only see the number of women who volunteered their time but witness their sheer level of knowledge and expertise.

Of course, being a part of the release squad isn’t the only way to make an impact. The WordPress project wouldn’t be where it is today without its broader contributor base and I encourage everyone to see if there’s a part of WordPress 5.6 that they may like to work on. Writing code isn’t required, as there are contribution teams working in areas like design, documentation, translations, and marketing.”

— Helen Hou-Sandì

When Helen led the WordPress 4.0 release, 10up became the first agency to sponsor a release lead. Since then, we have sponsored two more release leads:

  • Web Engineer Drew Jaynes, emeritus, led the WordPress 4.2 release.
  • Helen once again stepped up as the release lead and I served as a deputy release lead for the WordPress 4.7 release, which saw the REST API merged into Core.

As a leading contributor to WordPress and the greater open-source community, we invest hundreds of hours every month through our Open Source Practice and other ad hoc contributions from our larger engineering organization to advance the technology we build upon and innovate with, and we’re especially proud to play a part in leading this release.

“As many businesses in high-tech strive to be more inclusive and often struggle to achieve better representation of women in engineering, in particular, we could not be more proud to see Helen setting an example by serving as the technical lead for another major release of WordPress.”

— Jake Goldman, President & Founder

Whether you’re considering a platform migration to WordPress, reimagining your brand’s digital experience, or pushing the boundaries of what is possible with the world’s most popular content management system, our unique insights and experience in building and contributing to the very tools our customers use is unmatched. Reach out to learn how 10up can accelerate your digital success.

If you want to work for a company that cares about open source and makes amazing projects and tools for WordPress, come work with us!

Read the whole story
1412 days ago
Rutland, VT
Share this story

WordPress 5.6 Development Kicks Off with All-Women Release Squad

1 Share
photo credit: Brodie Vissers

WordPress 5.5 has already been downloaded more than 4 million times after its release earlier this week, and it’s time to kick off work on 5.6. Josepha Haden will be leading the release alongside coordinator Dee Teal, with additional leads for Triage (Tonya Mork), Core Tech (Helen Hou-Sandì), Editor Tech (Isabel Brison), Design (Ellen Bauer and Tammie Lister), and several more women managing documentation, accessibility, marketing, testing, and other important aspects of the release. The full squad includes 46 women so far with a couple of roles left to be decided.

When Josepha Haden officially proposed the idea of having an all-women release squad, she emphasized that this doesn’t mean the release can only include contributions from women. In addition to the general objective of shipping a stable and enhanced version of the WordPress, Haden outlined a few more goals for this historic release:

My hope is that with a release squad comprised entirely of people who identify as women, we’ll be able to increase the number women who have that experience and (hopefully) become returning contributors to Core and elsewhere. This doesn’t mean the release will only contain contributions from women. And if our current squad training process is any indication, it also doesn’t mean that we’re asking a squad to show up and do this without support.

Francesca Marano, who worked as release co-lead for WordPress 5.3, published a post announcing the squad as well as the scope of the release. Two major items are already complete: conversion of the widget-editing areas and removal of support for PHP 5.6.x. The squad plans to deliver an impressive array of new features that are still in development:

  • Navigation menus block in Core
  • Automatic updates for major WordPress Core releases (opt-in)
  • New features from the block editor upgrades.
  • Widgets-editing and Customizer support in Core
  • Default theme, including an FSE compatible version
  • PHP 8 support
  • Public beta of Full Site Editing

A recent tweet from a woman who works as an iOS developer at Quicken Loans, asked if there have ever been women in software development working in leadership roles. Although many projects and organizations have women in such roles for many years (as seen in the replies to the tweet), the question demonstrates why representation still matters. WordPress 5.6 is an opportunity to make many more women leaders visible for people who need to see others like themselves in leadership roles.

So far the community has been very supportive of the plan for an all-women release squad and is rallying around the idea. WordPress 5.6 is the last release planned for the year and is expected to land on December 8, 2020.

Read the whole story
1429 days ago
Rutland, VT
Share this story

WordPress Names 5.5 Release Leads, Plans All-Women Release Squad for 5.6

1 Share

WordPress’ Executive Director, Josepha Haden, announced the names of the leaders who will be coordinating releases for the remainder of 2020. Version 5.5, expected to be released in August, will be led by Matt Mullenweg, with Jake Spurlock as the coordinator and David Baumwald on Triage. Haden also named tech and design leads for the editor, media, accessibility, and documentation. This release is set to introduce automatic updates for plugins and themes in core. It will also add the Navigation block and block directory to core.

In November 2019, Haden tweeted that one of her goals was to put together an all-women release squad by the end of 2020, an idea that was well-received by the community. Although WordPress has already had women lead releases, the realization of this idea would be the first time in the project’s 17-year history that the entire squad is composed of women leaders. Haden began recruiting for the team in March.

“My hope is that with a release squad comprised entirely of people who identify as women, we’ll be able to increase the number women who have that experience and (hopefully) become returning contributors to Core and elsewhere,” Haden said in her initial proposal. “This doesn’t mean the release will only contain contributions from women. And if our current squad training process is any indication, it also doesn’t mean that we’re asking a squad to show up and do this without support.”

Last Friday, Haden named 50 women to the upcoming 5.6 all-women release squad, set to land in December 2020. This group includes women who have volunteered to participate, first by joining a “ride along” process for the 5.5 release cycle. Participants will join triage sessions and meetings, as well as collaborate on a 5.5.x point release in preparation for steering 5.6.

The proposed scope for WordPress 5.6 includes opt-in automatic updates for major core releases, full-site editing in core, a new default theme, and more. Squad leaders will be named in a separate kickoff post.

Read the whole story
1503 days ago
Rutland, VT
Share this story

Consequences of Not Updating Your WordPress Website

1 Share

Do you see update notifications on your WordPress dashboard and choose to ignore them? Did you know using outdated WordPress installations allows hackers to exploit your website? 

According to WordPress statistics, only 36% of users have the latest version installed (as of February 2020).

Many website owners choose to defer installing updates to their WordPress website for several reasons. Some may feel updates come too frequently or they cause problems to their site. But not updating your website invites a world of trouble!

So today, we decided to discuss the impact of using outdated software. We also understand the pain points of updating your WordPress website. So, we’ll also give you tips on how to safely update your site – minus the hassle!

Why are WordPress Updates Important?

WordPress is an open source software. This means the public is invited to use it, modify it or suggest changes to it. Developers around the world can contribute towards improving the software which includes discovering security flaws. Let’s see how this works:

  • When security flaws are discovered in the WordPress software, developers report it to the WordPress team.
  • This core team fixes the issue promptly with a ‘security patch’ and rolls out an updated version. 
  • Website owners are prompted on their WordPress dashboard like so: “WordPress 5.3.2 is available! Please update now!” 
  • Once the site owner updates the WordPress installation, the security issue will be patched on their site. 

Now, what happens if you choose not to update your WordPress site?

By choosing to not update, the vulnerability remains present on your website. What’s worse is that when an update is released, the contents and reasons for the updates are included in the change log which is available publicly. Everyone around the world (including hackers) are now aware that a security flaw in the old version exists. 

Hackers use scanners to crawl through the web and find WordPress sites running on the old version. Once they find your site, it’s easy for them to hack because they know exactly what the vulnerability is.

The same process applies to themes and plugins as well. Most developers of themes and plugins constantly work towards improving their software. They release updates regularly to patch security issues, fix bugs, introduce new features and ensure compatibility with the core WordPress software.

By ignoring the update, you make the hacker’s job easy and invite them in. That’s why regular updates are so important in keeping your website safe. But apart from security concerns, not updating your site carries other consequences as well.

Consequences of Not Keeping Your WordPress Website Updated

You can run your website on an outdated WordPress installation, but eventually, you’ll face many issues by not updating. Here, we’ll discuss six major consequences of not updating your WordPress website:

Incompatibility Issues

Your WordPress site comprises multiple components. While the core is developed by the WordPress team, themes and plugins are created by third-party developers. All three elements progress through different versions as they are constantly being improved. When the core is updated, developers of themes and plugins alter their design to suit the new WordPress version. 

Now, if you’re running on an old WordPress version, you’d notice that certain plugins and themes are not compatible. This means you can’t install it or if you already have it installed, you’ll see it malfunction. In the WordPress repository, in the description, plugins/themes mention that it is compatible with “Version 5 and higher.” 

The same applies the other way around as well. If you’ve updated your WordPress core installation, but haven’t bothered to update the plugins, you’ll see that the old version of the plugin can no longer function with the new version of WordPress. This is why it’s so important to keep everything up to date.

Slow Performance and Speed

This is particularly true if you are using an old WordPress version (for example, 3.0) to power your business website. You could face website issues like slow loading speed, navigation-related problems, or redirected pages. By not updating, you miss out on essential bug fixes that can cause your website to malfunction. 

Outdated plugins and themes can increase website response time, causing visitors to lose interest quickly. All of this can lead to poor customer engagement and high bounce rates.

SEO Ranking Takes a Hit

Website performance factors like speed and inbound traffic boost the overall SEO ranking on popular search engines like Google. The slow loading speed of an outdated WordPress website can cause a drop in the incoming traffic, impacting your SEO ranking negatively. Plus, hackers find vulnerabilities on your site and break in, Google and other search engines blacklist your site. This means your visitors would see a warning like so:

Loss of Valuable Business Data

Many feel ‘My site is functioning fine. I don’t need the new version.’ But the longer you put off updates, the harder it’s going to get. You simply can’t run on an old version forever. Sooner or later, you will have to update. 

Now, updating from Version 3.0 to 5.0 means you’ve missed a ton of updates in between. This means a lot of bugs that were present in the old code have been left to manifest on your site. 

When you finally come to a point where you have to update, you’ll realize you’ll lose a lot of important data. The update can also break your website. 

Tip: In such situations, ensure you have a reliable backup in place and seek professional help to update your WordPress website.

Lack of WordPress Online Support

When you face issues on your website and turn to online support forums for help, most answers being discussed will relate to new versions of WordPress. You’ll have to extensively search for answers that relate to older versions.

Your Website Lags Behind

This is not so much a consequence as it is a loss. Technology is advancing every second making things better, faster, and smoother. When you choose not to update, you stand to miss out on new features and enhancements that are contained in the update.

You won’t have access to those little things that could transform your “good” website to an “amazing” website.

You can avoid these consequences by regularly updating the core WordPress version and the plugins/themes installed on your website. 

Now, we know that keeping your WordPress site updated is not as easy as clicking a button. Things can go wrong when you update and it deters many website owners from updating their sites. 

However, there are ways to safely update your site. And it must be done because getting hacked is just one problem with choosing to not update. There are many more repercussions you could face if you opt to stay on outdated versions. Furthermore, as we mentioned, the longer you wait, the worse it becomes. 

Before we wrap up, we’ll give you a few tips on how to update your website safely and regularly without feeling the burden of it.

How to safely update your WordPress site

Updates to WordPress, its themes and plugins come in quite often. And after you update your site, you might see server errors. For example, a client recently updated all the themes and plugins on their website. After it was complete, they saw this error while trying to access the website.

To avoid such issues, we recommend using a staging website. This site is an exact replica of your live website. Any changes made here will not affect the main site. So, you can test updates without worrying about a botched update. 

You can set up a staging site using a plugin in under a few minutes. A staging site enables you to try out updates, test new layouts and designs, and experiment with new content. Once you’re happy with the changes, you simply need to merge the changes to your live site. You don’t have to replicate the changes again on your live site.

We also recommend taking a backup of your site before making major changes to your site or installing updates. In case things go wrong, you can restore your backup and revert to your website’s previous state. If you used BlogVault to stage a site, the plugin will automatically take a backup for you.

By taking these two measures, you can safely update your site – never having to worry about botched updates and incompatibility issues. 

Final Thoughts

It’s important to update your WordPress site to keep it safe and secure against hackers. It’s a nightmare going through the ordeal of fixing a hacked website. In this scenario, prevention is always better than cure.

Plus, updates also carry numerous other benefits. Updates keep your site running at optimal speed and performance. This helps boost your SEO rankings, thus, increasing your visibility, traffic, and revenue. 

So basically, Stay Updated – to Stay safe! 

The post Consequences of Not Updating Your WordPress Website appeared first on Torque.

Read the whole story
1590 days ago
Rutland, VT
Share this story

BracketSpace Releases Library of Reusable Code for Plugin and Theme Development

1 Share

BracketSpace, a WordPress-centric software development company based, released Micropackage a few weeks ago. The project is a collection of open-source repositories with reusable code for inclusion in WordPress plugins and themes. The library currently has 13 packages, including a filesystem wrapper, a template system, an Advanced Custom Fields block creator, and more.

The company out of Poland specializes in project outsourcing and plugin development. Some of their more popular plugins include Advanced Cron Manager Pro and Notification, a custom notification plugin in which the BracketSpace sells pro extensions for various services.

The Micropackage project was driven by the needs of the team and its projects. “We started the Micropackage project to scratch our own itch,” said Jakub Mikita, CEO of BracketSpace. “During the past few years of active plugin and website development, we noticed that keeping the code standard was very important for maintainability.” The BracketSpace team had been copying and pasting code between projects. Eventually, the team asked themselves the inevitable question that most development teams come to — why not break all of this code up into small packages and maintain them in a single place? Thus, the Micropackage project was born.

BracketSpace is using all of the packages in many of its current plugins and themes because the code was originally taken from those projects. “We are now rewriting one of our flagship plugins, Notification, using the micropackages and intend to create every new plugin and theme using them,” said Mikita. “And, because they are loosely coupled, there can be a lot of configuration variations.

Package and dependency management is a standard part of development within the larger PHP development world. The use of packages has become more and more standard as WordPress has begun using modern JavaScript tooling. However, the ecosystem mostly falls short when dealing with PHP packages. While many plugin developers make use of such dependencies, the practice is not common. WordPress also has no built-in method of handling dependencies. The situation makes it hard for projects such as Micropackage to gain any real traction within the overall WordPress developer community.

The Available Packages

The project includes 13 repositories that can be included in WordPress plugins or themes via Composer. Most of the packages are currently available on the Micropackage page on Packagist. Several of the packages are essentially wrappers for various WordPress APIs for simpler usage. However, some of the packages offer new developer features.

Mikita said the following are the most important packages for the team:

  • DocHooks – PHP comment annotations repo that supports filters, actions, and shortcodes.
  • Requirements – Environment requirement checker for plugins.
  • Filesystem – Simplified wrapper around the WordPress Filesystem API.
  • Templates – Basic PHP templating solution that supports passing data to templates.
  • Responsive Embeds – JavaScript package for automatically making any embed responsive.

The repositories don’t stop there. They have built other wrappers for WordPress APIs, such as caching, scripts, and internationalization. The team also has a block creator for ACF that allows developers to create blocks from templates.

BracketSpace has at least five more packages planned for the project. At the moment, the packages have primarily targeted WordPress developers. However, Mikita said the team will also create platform-agnostic repositories whenever possible. That way, they will be useful for developers beyond the WordPress ecosystem.

Read the whole story
1590 days ago
Rutland, VT
Share this story
Next Page of Stories