In this write-up, we talk about recent performance improvements that we made to WordPress 6.3, sharing both our findings and journey. While this post will mostly be around performance improvements a…
A lively discussion is happening on the Gutenberg repository about renaming the Command Center. This new feature, designed to be an extensible quick search and command execution tool, was introduce…
During development or troubleshooting I often find myself wanting to run something through WP CLI. These are some notes on running code through WP CLI.
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name e
In September, we wrote about how the WordPress plugin POST SMTP, which has 300,000+ installs, still contained SQL injection issues months after a public claim of a vulnerability involving that (and st
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary Word
SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins
One of the ways we keep track of possible vulnerabilities in WordPress plugins is to monitor the WordPress Support Forum for discussions related to those. Today, there was a concerning claim of a high
On the WordPress Support Forum, someone asked not that long ago if two-factor authentication (2FA) would prevent websites being hacked through security flaws in WordPress plugins. It's a good question
Part of how we keep track of vulnerabilities in WordPress plugins is by monitoring the WordPress support forum for relevant topics. What we are seeing a lot these days are developers who are trying to
Over the weekend, we had an attacker try to exploit a local file inclusion (LFI) vulnerability that was recently fixed in the WordPress plugin Blog Designer Pack on our website. We are not running the
Yesterday, the developer of the 1+ million install WordPress plugin WP Fastest Cache committed a change to the plugin in the Subversion repository underlying the WordPress Plugin Directory that fixed
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn't work when a hacker finds
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the defa
If you are trying to use a variable font in your custom block theme via theme.json, you may be running into some issues that I also saw and, mostly, solved.
WordPress 6.3 brings significant improvements to the metadata API, enhancing the lazy loading capabilities for term, comment, and site metadata. These enhancements aim to improve performance, optim…
The fifth installment of a monthly roundup that showcases features that are specific to theme and plugin developers. The latest updates are focused on the WordPress 6.3 development cycle.