WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (thehackernews.com)
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
Quick and Dirty WP CLI - Sal Ferrarello (salferrarello.com)
During development or troubleshooting I often find myself wanting to run something through WP CLI. These are some notes on running code through WP CLI.
Over 150k WordPress sites at takeover risk via vulnerable plugin (www.bleepingcomputer.com)
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
OC Exploited Vulnerability in WordPress Plugin Vulnerability Shows Importance of Robust Firewall Protection (www.pluginvulnerabilities.com)
Over the weekend, we had an attacker try to exploit a local file inclusion (LFI) vulnerability that was recently fixed in the WordPress plugin Blog Designer Pack on our website. We are not running the
OC How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t (www.pluginvulnerabilities.com)
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn't work when a hacker finds
Speedier PHP Execution in WordPress 6.3 (developer.wordpress.com)
In this write-up, we talk about recent performance improvements that we did on WordPress 6.3, sharing both our findings and journey. While this post will mostly be around performance improvements a…
Improvements to the metadata API in WordPress 6.3 (make.wordpress.org)
WordPress 6.3 brings significant improvements to the metadata API, enhancing the lazy loading capabilities for term, comment, and site metadata. These enhancements aim to improve performance, optim…
Real-Time Collaboration in WordPress: Here's What to Expect (torquemag.io)
Gutenberg Phase 3 is bringing real-time collaboration and collaborative editing to WordPress. Here's what that will mean for the platform.
Finding Enabled PHP Functions In Your WordPress Hosting Using phpinfo() (wpmudev.com)
Here is a quick and easy way to find enabled PHP functions on your server using the phpinfo() function in WordPress.
Writing a WordPress Plugin From Scratch: A Step-by-Step Tutorial (wpshout.com)
This WordPress plugin development tutorial captures the steps I went through on a real project, including the mistakes I made and how I debugged them.
The Essential WordPress Tutorial for PHP Developers (wpshout.com)
Do you understand PHP, and want to learn how WordPress works? Dive in with this technical WordPress tutorial for PHP developers.
What’s new for developers? (June 2023) (developer.wordpress.org)
The fifth installment of a monthly roundup that showcases features that are specific to theme and plugin developers. The latest updates are focused on the WordPress 6.3 development cycle.
WordPress Contributors Discuss Renaming Command Center Tool (wptavern.com)
A lively discussion is happening on the Gutenberg repository about renaming the Command Center. This new feature, designed to be an extensible quick search and command execution tool, was introduce…
How to modify block supports in WordPress using client-side filters (nickdiego.com)
Learn how to add or modify block supports in the Editor using client-side filters. This includes adding functionality not yet in WordPress.
Exploring Color in WordPress Block Themes - Builders (wpengine.com)
Let’s dive into the world of colors, gradients, and duotone filers and discover how they can transform your WordPress website-building experience.
Upgrading the WordPress site-editing experience with custom template part areas (developer.wordpress.org)
How to create custom template part areas to create a nicer user experience in WordPress block themes.
Understanding blockGap in WordPress Block Themes (gutenbergmarket.com)
In WordPress, blockGap refers to the space between blocks and allows you to modify this space within the editor and theme.json.
OC Security Provider CloudFlare Providing Service for Phishing Campaign Targeting WordPress Websites (www.pluginvulnerabilities.com)
A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name e
OC Plugin That is Part of Patchstack’s Vulnerability Disclosure Program (VDP) Is Still Adding Vulnerable Code (www.pluginvulnerabilities.com)
In September, we wrote about how the WordPress plugin POST SMTP, which has 300,000+ installs, still contained SQL injection issues months after a public claim of a vulnerability involving that (and st
OC Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed (www.pluginvulnerabilities.com)
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary Word
OC Siteground’s Security Plugin’s Advanced XSS Protection Isn’t Protection, Advanced or Otherwise (www.pluginvulnerabilities.com)
SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins
OC 300,000+ Install Widgets for Google Reviews WordPress Plugin Doesn’t Contain a High Risk Arbitrary File Upload Vulnerability (www.pluginvulnerabilities.com)
One of the ways we keep track of possible vulnerabilities in WordPress plugins is to monitor the WordPress Support Forum for discussions related to those. Today, there was a concerning claim of a high
OC What Impact Does Two-Factor Authentication (2FA) Have On Hackings Through WordPress Plugin Vulnerabilities? (www.pluginvulnerabilities.com)
On the WordPress Support Forum, someone asked not that long ago if two-factor authentication (2FA) would prevent websites being hacked through security flaws in WordPress plugins? It's a good question
OC WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That (www.pluginvulnerabilities.com)
OC Changes WordPress Plugin Developers and Patchstack Can Take to Better Handle Vulnerabilities (www.pluginvulnerabilities.com)
Part of how we keep track of vulnerabilities in WordPress plugins is by monitoring the WordPress support forum for relevant topics. What we are seeing a lot these days are developers who are trying to
