Category Archives: WordPress

WordPress: If you're not using the TwentyFifteen theme, delete it

If you are using it, be sure to update it!

#wordpress   #vulnerability  

Embedded Link

WordPress JetPack and TwentyFifteen DOM-based XSS Vulnerability | Sucuri Blog
An XSS vulnerability affects Jetpack and Twentyfifteen, both installed by default in millions of WordPress installs, caused by a flaw in the genericons package.


WordPress is an excellent content management system

If you stay on top of updates (and use strong and secure passwords), your site will be in great shape, security-wise.

~~~

"Most content management systems are actually incredibly safe, and the core installation of WordPress is among the most secure on the web."

"At the end of the day, they [site insecurities] can all be linked back to insecure practices on the part of either a plugin developer or the end user – not the platform."

#wordpress   #cms   #security  

Embedded Link

Small Business: Stop ignoring WordPress security
There’s a perception among SMBs that security on WordPress is a non-issue. That needs to change. They’re putting themselves at risk – …


If you currently use TheCartPress on your WordPress website, you may want to switch…

If you currently use TheCartPress on your WordPress website, you may want to switch to another cart solution. They're ending support on June 1, 2015.

For clients not already using WooCommerce, I've been moving clients to that shopping cart, which is the front-runner in WordPress shopping carts & should be supported for a long time, as they also sell solutions that are compatible with their free shopping cart.

#wordpress   #vulnerability   #ecommerce  

Embedded Link

WordPress e-commerce plug-in puts over 5,000 websites at risk | Networks Asia
Unpatched flaws could allow attackers to take control of websites running a WordPress plug-in called TheCartPress.


Do you have pages or posts that have galleries of images that you'd like to quickly…

Do you have pages or posts that have galleries of images that you'd like to quickly make into a slideshow? This Gallery Slideshow plugin is for you. No need to build an external gallery and place it on your post or page – this does it automatically. You just need to add a shortcode to your page or post and voila, you have a gallery slideshow of all images associated with that page or post.

#wordpress   #gallery   #slideshow   #plugin  

Embedded Link

Gallery Slideshow
Turn any WordPress gallery into a simple, robust, lightweight and fluid slideshow.


It's important to keep your WordPress software, plugins and theme files upda…

It's important to keep your WordPress software, plugins and theme files updated.

#security   #wordpress

Embedded Link

SMBs Neglect WordPress Sites and Flirt with Danger
A new study from CodeGuard reveals that many small business owners take unnecessary chances when it comes to protecting their WordPress websites.


Looks like it's time for another server patch and reboot

Here's another article with a pull quote below:
WordPress users are advised to disable the XML-RPC process completely or to block pingback requests. Server administrators are advised to update their versions of glibc as soon as possible.

http://www.pcworld.com/article/2878252/ghost-linux-vulnerability-can-be-exploited-through-wordpress-other-php-apps.html

#exploit   #ghost   #gethostbyname   #linux   #wordpress  

Embedded Link

PHP Applications, WordPress Vulnerable to Ghost glibc Bug | Threatpost | The first stop for security news
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.


WordPress – Vulnerability Alert

If you have a WordPress site, please take a moment to check your plugin directory to see if you have a folder called "revslider". If you do, please make sure that plugin is updated. Envato is offering the update as a free download, which can be accessed through a link from an Envato page that is linked from the attached article. (Link: http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380 )

The old Revolution Slider 4.1.x plugin has a vulnerability. It is a premium plugin that is used in many for-purchase themes. Unfortunately, it won't request to be updated if it was installed via a premium theme, so it's up to us to ensure our sites are safe.

#wordpress   #vulnerability   #revolution   #revolutionslider   #update  

Embedded Link

Report: Mysterious Russian Malware Is Infecting 100,000+ WordPress Sites
A Russian malware called SoakSoak has infected over 100,000 WordPress sites since this Sunday, turning blogs into attack platforms. It’s a potential shitshow, and it could’ve been prevented earlier this fall.


Do you have a WordPress site and use "WP Download Manager"?

Please update your plugin to ensure you're fixing a vulnerability found in versions below 2.7.4.

#wordpress   #security   #plugin   #update  

Embedded Link

Critical Remote Code Execution Flaw Found in WordPress Plugin
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attac…


"Infinite WP" WordPress plugin vulnerability notice

For anyone using the Infinite WP WordPress plugin, make sure you've updated your plugin so this vulnerability is no longer present on your site.

#wordpress   #plugin   #vulnerability   #infinitewp   

Embedded Link

Vulnerability found in Infinite WP WordPress client
A Sucuri researcher found a vulnerability that could allow a malicious attacker to take over a user's sites and put them into maintenance mode.
