An important security update for WPML has been released

Recently, the development team of the WPML (WordPress Multilingual) plugin team was notified and revealed the top-level detail, of an issue that allows unauthorized access to some WPML internal features such as those used for configuration of translation jobs and changing plugin settings. It’s important to note that this vulnerability is only accessible to registered site users, not just any...
Read More
Developer working on websites codes in office. SEO optimization. Server logs analysis. Binary digits code editing. Coding script text on screen

Post Grid WordPress Plugin Flaw Found “Patch it sharpish if you use it…”

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid's sister plug-in, Team Showcase, which has 6,000 installations. The issues are a cross-site scripting (XSS) flaw as well as a PHP object-injection issue. Both bugs are pending...
Read More
a person checking a WordPress website from a laptop

4 tips for managing WordPress plugins in 2020

Updating your WordPress plugins is most easily achieved from the Plugins tab in the WordPress dashboard. From there you can see which plugins have updates available, after which it’s a matter of hitting Update now to install the new versions. Minimise the number of plugins you have. Always remove plugins if you aren’t using them anymore. Keep your attack surface area as small as you can....
Read More
a robber behind a mobiel icon

Your password is your first line of defense against hackers, so make it a good one

Combine unrelated words to make stronger passwords To create a strong password, try combining two or more unrelated words. It could even be an entire phrase. Then change some of the letters to special letters and numbers. The longer your password, the stronger it is. A single word with one letter changed to an @ or ! (such as p@ssword!) doesn’t make for a strong password. Password cracking...
Read More

WordPress 5.2.4 Release Addresses Several Security Issues

The core WordPress team released version 5.2.4 of WordPress on October 14th 2019. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure. Like any security release, users should update immediately to the latest version to keep their sites secure. All major branches of WordPress from version 3.7 to 5.2 received the new...
Read More

Google Chrome announces roll-out of mixed content blocking, beginning January 2020

The Google Security Team has announced a timeline for when Chrome will begin blocking mixed content by default in order to ensure that HTTPS browsing is more secure. Mixed content refers to HTTPS pages that load resources, such as images, videos, stylesheets, and scripts, over HTTP. The gradual rollout will begin with Chrome 79, which is scheduled for release in December 2019. The browser...
Read More website plugin

Hackers infecting WordPress sites via defunct “Rich Reviews” plug-in

If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running WordPress and redirect visitors to other sites. Rich Reviews was a WordPress plugin that lets sites manage reviews internally in WordPress, and also displays Google reviews for a business...
Read More
A person working on a website on a laptop

WordPress 5.2 “Jaco” – Keeping Sites Safer

WordPress 5.1 "Jaco" is now available! Update now to keep your website current, secure, and benefit from the latest feature enhancements. Keeping Your Site Safe WordPress 5.2 gives you even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information...
Read More