WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (thehackernews.com)
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
During development or troubleshooting I often find myself wanting to run something through WP CLI. These are some notes on running code through WP CLI.
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication.
Over the weekend, we had an attacker try to exploit a local file inclusion (LFI) vulnerability that was recently fixed in the WordPress plugin Blog Designer Pack on our website. We are not running the
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn't work when a hacker finds
In this write-up, we talk about recent performance improvements that we did on WordPress 6.3, sharing both our findings and journey. While this post will mostly be around performance improvements a…
WordPress 6.3 brings significant improvements to the metadata API, enhancing the lazy loading capabilities for term, comment, and site metadata. These enhancements aim to improve performance, optim…
Gutenberg Phase 3 is bringing real-time collaboration and collaborative editing to WordPress. Here's what that will mean for the platform.
Here is a quick and easy way to find enabled PHP functions on your server using the phpinfo() function in WordPress.
This WordPress plugin development tutorial captures the steps I went through on a real project, including the mistakes I made and how I debugged them.
Do you understand PHP, and want to learn how WordPress works? Dive in with this technical WordPress tutorial for PHP developers.
The fifth installment of a monthly roundup that showcases features that are specific to theme and plugin developers. The latest updates are focused on the WordPress 6.3 development cycle.
A lively discussion is happening on the Gutenberg repository about renaming the Command Center. This new feature, designed to be an extensible quick search and command execution tool, was introduce…
Learn how to add or modify block supports in the Editor using client-side filters. This includes adding functionality not yet in WordPress.
Let’s dive into the world of colors, gradients, and duotone filters and discover how they can transform your WordPress website-building experience.
How to create custom template part areas to create a nicer user experience in WordPress block themes.
In WordPress, blockGap refers to the space between blocks and allows you to modify this space within the editor and theme.json.
A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name e
In September, we wrote about how the WordPress plugin POST SMTP, which has 300,000+ installs, still contained SQL injection issues months after a public claim of a vulnerability involving that (and st
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary Word
SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins
One of the ways we keep track of possible vulnerabilities in WordPress plugins is to monitor the WordPress Support Forum for discussions related to those. Today, there was a concerning claim of a high
On the WordPress Support Forum, someone asked not that long ago if two-factor authentication (2FA) would prevent websites being hacked through security flaws in WordPress plugins? It's a good question
Part of how we keep track of vulnerabilities in WordPress plugins is by monitoring the WordPress support forum for relevant topics. What we are seeing a lot these days are developers who are trying to