security

Security company Sucuri found a severe problem with WordPress core files this week – if you’re using WordPress 4.7.0 or 4.7.1, it’s important that you update to 4.7.2 right away, where the problem has been fixed. Basically, the vulnerability can allow a user to modify the content of any post or page within a WordPress […]

This week’s WordPress and web marketing links. Here’s some great advice from our preferred host, WP Engine, on how to secure your WordPress site. While there’s absolutely no way to make a site 100% secure, taking as many cues as you can from this list will help dramatically reduce the risk of hacking. These are the […]

This week’s WordPress and web marketing links. Is the permalink structure you set up when you first launched your WordPress site not working out as well as you’d like? You’d like to change it, but are worried about what it could do to your search engine rankings? Don’t worry – while it can be a […]

This week’s WordPress and web marketing links. Love them or hate them, sliders just aren’t going away. If you’re looking for a slider plugin for WordPress, here’s a fairly new plugin worth checking out: Smart Slider 3. There’s a free version as well as a commercial version with Premium features. For more info, here’s an in-depth […]

Sucuri just released a security advisory about the popular WordPress plugin Jetpack, now in use on over 1 million sites. The security problem is only with the Shortcode Embeds module, so if this isn’t actively running on your site you’re not at risk for this issue (but you should update anyway!). Here’s information from Jetpack […]

Our Small Business, Business and Premium Plans now come with additional security features from Sucuri. Our malware monitoring is the same as before – your site is scanned continuously for malware and hacks, plus your site is checked against the biggest blacklists. Cleanup of malware and removal from blacklists continue to be key features. The […]

Last week a critical security problem was found in the popular Akismet anti-spam plugin that comes installed by default with WordPress. If you haven’t updated already, please do it today! Version 3.1.5 was released on Thursday. More info on the problem here…

Ten Ways to Secure WordPress

I created an infographic for a recent presentation on WordPress security. I hope you find this useful and interesting! If you have questions about anything covered in the graphic, add a comment. What else are you doing to secure your site?

A security problem was found in the hugely popular WooCommerce plugin today (a new patch released today, 2.3.11, fixes the problem). In certain situations, the vulnerability could be used to download files from the server. Read more about the security vulnerability here. WP Minder clients, you’ve already been patched.

Another XSS security issue was found today in the popular poly-plugin Jetpack and the Twenty Fifteen default theme. Both use a set of web icons for blogs called Genericons and this is where the issue lies – an insecure file within the Genericons package. Read more about the problem. WP Minder clients, you’re already patched.