The weekly round up of news, tips, and information to help you create the best possible WordPress website. This is a weekly round up of WordPress news I have accumulated from across the web, some old, some new, but always interesting. The news relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.

Round up of WordPress News and Tips October 2, 2017


We try to include news that is not only important for helping you with your website but also news from the #wpdrama scene and more.

Some of the news here will be interesting links, not only to articles but also to training materials and other sources I find online that will help you create a better WordPress website.

 


This week we have the following news for you.

How to Use Domain Mapping When You’re Not Running Multisite

https://premium.wpmudev.org/blog/domain-mapping-without-multisite/

Our Domain Mapping plugin makes mapping domains super easy in Multisite. It lets you create as many sites as you want in one WordPress installation and then make them all behave as if they’re separate sites, each on their own domain.

But sometimes you want to map a domain when you’re not running Multisite. You’ve created a site in its own WordPress installation somewhere on your server, maybe in a subdirectory, but you want to direct a domain name to it and have that show up in the browser instead of your own domain with the subfolder or subdomain showing up. Read original article here…. premium.wpmudev.org

How to Track Post Changes by Adding a History Feature to WordPress

https://www.elegantthemes.com/blog/tips-tricks/how-to-track-post-changes-by-adding-a-history-feature-to-wordpress?utm_source=Elegant+Themes&utm_campaign=b5104ca772-WordPress_Daily&utm_medium=email&utm_term=0_c886a2fc0a-b5104ca772-51249745

If you’re running a website with multiple contributors, it can be hard to track post changes in WordPress itself. This can become a problem if you’re trying to identify the source of an error, or keep tabs on your writers’ activity.

Finding a way to track post changes in WordPress enables you to keep logs of practically all of the activity for your posts and pages. For this article, we’ll talk about why this functionality can help you and how to implement it in three simple steps. Let’s get to it! Read original article here…. elegantthemes.com

How to Run a Contest with WordPress (and Plugins to Help You Do It)

https://premium.wpmudev.org/blog/contest-plugins-wordpress/

About a month ago, a woman named Mavis Wanczyk won a monster Powerball payout of $758.7 million. Wanczyk wasn’t the only winner that night either. In a store nearby, someone else bought a ticket worth $1 million. There were also other winners from this single Powerball play—9.4 million people (or, rather, tickets) to be exact.

Now, if that isn’t proof enough of how much people love entering contests in the hopes of winning something (no matter what sort of odds are stacked against them), I don’t know what is. Read original article here…. premium.wpmudev.org

Handling Form Submissions in WordPress with Admin-Post and Admin-Ajax

https://premium.wpmudev.org/blog/handling-form-submissions/

WordPress provides incredible support for you to work with form submissions in your application. Whether you add a form in the admin or public facing areas, the built-in mechanism with the admin-post and admin-ajax scripts will allow you to handle your form requests efficiently.

In this article, I’ll show you how to handle custom form submissions using the WordPress API. I’ll walk you through the process of adding a custom form in the admin area of a plugin, handle the form submission via an HTML as well as an AJAX request, and write the form handler in PHP to validate, sanitize and process the form input. Read original article here…. premium.wpmudev.org

20 of Google’s limits you may not know exist

http://searchengineland.com/20-googles-limits-may-not-know-exist-281387

Google has a lot of different tools, and while they handle massive amounts of data, even Google has its limits. Here are some of the limits you may eventually run into.

Many of the data reports within Google Search Console are limited to 1,000 rows in the interface, but you can usually download more. That’s not true of all of the reports, however (like the HTML improvements section, which doesn’t seem to have that limit).

The limit for the number submitted is higher, but you will only be shown 200. Each of those could be an index file as well, which seems to have a display limit of 400 site maps in each. You could technically add each page of a website in its own site map file and bundle those into site map index files and be able to see the individual indexation of 80,000 pages in each property… not that I recommend this. Read original article here…. searchengineland.com

 

 


This week we have the following Security News for you.

Malicious plugin installed backdoor on 200,000 WordPress websites

https://www.scmagazine.com/malicious-plugin-installed-backdoor-on-200000-wordpress-websites/article/688878/

A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21.

The hacker used the open-source Display Widgets plugin, which lets users control how their WordPress plugins appear on their sites, as the delivery mechanism for the backdoor. Although the number of potentially infected sites is large, what is almost as impressive is the hacker’s persistence. The infected plugin was repeatedly removed from the site by WordPress.org between June 22 and September 8, with the hacker dutifully replacing it.

It was finally removed for good on September 8. Read original article here…. scmagazine.com

60 Abandoned WordPress Plugins

https://pressable.com/blog/2017/09/14/60-abandoned-wordpress-plugins/

WordPress security threats are on the rise. In some cases, hackers can gain control over WordPress sites. Now, the question arises, how can you secure your WordPress sites?

A major cause of security breaches in WordPress sites is outdated plugins and themes. These elements of a site can be particularly vulnerable to exploitation, and hackers are well aware of this. If a plugin hasn’t been updated during the past 2 years, it is categorized as an abandoned, or outdated plugin. Moreover, it may pose compatibility issues with WordPress. Read original article here…. pressable.com

7 Signs Your WordPress Website Has Been Hacked

http://domainnamewire.com/2017/08/24/7-signs-your-wordpress-website-has-been-hacked/

One of the reasons WordPress is so popular as a content management system is because of its airtight security (read: its rare ability to be hacked). But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe.

That’s a scary thought.

In fact, weak passwords, domain or hosting level breaches, insecure themes and plugins, and even an outdated WordPress core may cause your website to become more vulnerable than normal. Read original article here…. domainnamewire.com

 

 


And now for something older from the past article collections.

How to Beat Procrastination and Get More Done on Your WordPress Site

http://www.wpexplorer.com/beat-procrastination-wordpress/

Everyone procrastinates now and then, but some people suffer much more than others. If you feel that procrastination is negatively affecting your productivity, then it is time to do something about it.

In this article we will look at why people procrastinate and what you can do about it. We discuss the importance of being clear on your goals and knowing your distractions and other weaknesses. We then consider productivity tips and tricks to help you maintain motivation and keep focused. Read original article here…. wpexplorer.com

How to Become a WordPress Professional in Your Free Time

https://premium.wpmudev.org/blog/become-wordpress-professional/

Getting established as a WordPress pro isn’t easy. If you want to freelance or set up a WordPress business, you’ll need to build up a list of clients and establish a reputation for yourself. And if you’re looking for a WordPress job, you’ll need to demonstrate that you’ve got experience with WordPress and can work with it at a professional level.

But all this takes time learning and preparing, which you won’t get paid for. Unless you’re lucky enough to have an employer who’ll pay for you to learn WordPress (and give you paid time to do it), or who’ll help you learn marketing and business skills (working for a startup can be helpful), you’ll need to do it in your own time. Read original article here…. premium.wpmudev.org

The Complete Guide to the WordPress Theme Customizer

https://premium.wpmudev.org/blog/wordpress-theme-customizer-guide/

WordPress 4.7 was released with a ton of great new features (which you can check out here), including some user experience and user interface upgrades to the theme Customizer.

In case you’re hearing about the Customizer for the first time, it’s a feature in the WordPress admin (go to Appearance > Customize) that allows users to tweak theme settings using a WYSIWYG interface and customize a theme’s colors, fonts, text, and pretty much anything else you want to change. Read original article here…. premium.wpmudev.org

6 Steps to Building a WordPress Maintenance Business

https://www.sitepoint.com/6-steps-to-building-a-wordpress-maintenance-business/

Recurring revenue is the Shangri-La for business owners. Rather than scrapping and fighting and hunting for new clients, you have the same clients coming to you again, providing you with a steady stream of income. It takes away the stress of having to dig up new streams of revenue and allows you to start planning ahead.

But if you’re a WordPress designer or developer, you may be a bit perplexed about this whole “recurring revenue” thing. You make your money when clients need something new, like a website refresh for a site that looks like it was designed when MySpace was hot. You essentially have to wait for them to decide they want to change things. The whole idea of regular income feels like a mystery. Read original article here…. sitepoint.com

Tom McFarlin to Launch Marketplace for Blogging Plugins, Finds New Maintainer for WordPress.org Plugins

https://wptavern.com/tom-mcfarlin-to-launch-marketplace-for-blogging-plugins-finds-new-maintainer-for-wordpress-org-plugins?utm_source=The+WhiP+by+WPMU+DEV&utm_campaign=dae7d0771e-The_WhiP_Lifes_Plug_It_In_Plug_It_In+_01_13_17&utm_medium=email&utm_term=0_74fb43fd55-dae7d0771e-102893693

Daily blogger and plugin author Tom McFarlin has found a new maintainer for five of his WordPress.org plugins. Within two days of putting the plugins up for adoption, McFarlin announced that Philip Arthur Moore will be taking over Category Sticky Post, Comment Tweets, Single Post Message, Tag Sticky Post, and Tipsy Social Icons. Moore, who is currently working as CTO at Professional Themes, has inherited roughly 10,000 users overnight in the transfer of maintainership.

WordPress.org plugin adoption stories are few and far between. The most common scenario for an orphaned plugin is to languish in the directory until it disappears from search results (with the exception of exact matches) after two years of no updates. In McFarlin’s case, he was looking to tie up some loose ends before shifting Pressware’s focus to launching Blogging Plugins, a marketplace for extensions that streamline WordPress for regular bloggers. Read original article here…. wptavern.com

 

Well, that’s a wrap for this week. More next week from WP Plugins A to Z.

 

This is a weekly round up of WordPress security news for July 24, 2017 that I have accumulated from across the web. Some is old WordPress news, some is new WordPress news, but it is always interesting. Pay attention to this stuff; your security is at stake.

Round up of WordPress Security News and Tips July 24, 2017

The weekly round up of security news, tips, and information to help you keep your WordPress website safe and secure. The news relates to keeping a WordPress site secure.

 


This week we have the following Security News for you.

Your WordPress plugins might be silently losing business data

https://venturebeat.com/2017/07/19/your-wordpress-plugins-might-be-silently-losing-business-data/

If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.

Like many of you, I’ve become quite attached to WordPress over the past 15 years. It is by far the most popular content management system, powering 28 percent of the Internet, and still the fastest growing, with over 500 sites created on the platform each day. Considering myself well versed in the software, I was surprised to discover — while working on a digital design project for a client — what could be the Y2K of WordPress. Many WordPress plugins are suffering data loss, and it looks like this problem will soon explode if not properly addressed. Read original article here…. venturebeat.com

WordPress Sites at Risk From PHP Code Execution

https://securityintelligence.com/news/wordpress-sites-at-risk-from-php-code-execution/

New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.

The campaign, which was revealed by security specialist Wordfence, peaked during May and June when attackers targeted recently installed, but not configured, instances of WordPress, SecurityWeek reported. Outsiders can use a successful attack to take over the new WordPress website and then potentially gain access to the entire hosting account. Read original article here…. securityintelligence.com

5 Simple Ways To Secure Your WordPress Website, Without Plugins

http://www.business2community.com/cybersecurity/5-simple-ways-secure-wordpress-website-without-plugins-01813854#a2wEZSsx4z7qBUU2.97

Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.

That’s what we are writing about here. Many of these issues arise when we, Element 502, take over the security, SEO and administration of a WordPress website. Read original article here…. business2community.com

WordPress Performance Testing: Why, How & Which Tools to Use

http://www.wpexplorer.com/wordpress-performance-testing/

Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?

The online and software tools we use are a big part of the equation. A wrong tool or improper results can lead you astray. Today we are going to do the exact opposite, today we are going to benchmark the benchmarks and see if we can come up with a better idea of what’s good, what’s acceptable and what should be definitely avoided when trying to analyze our sites in our need for speed. Read original article here…. wpexplorer.com

 

 

 

 

 

Well, that’s a wrap for this week. More next week from WP Plugins A to Z.

Brute Force Amplification Attacks Against WordPress XMLRPC

 


http://xxxxsblog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now. It could be via protocols like SSH or FTP, and if it’s a web server, via web-based brute force attempts against whatever CMS you are using.

Imagine a world where an attacker could amplify their Brute Force attacks in such a way that traditional mitigation strategies fall short. Instead of 500 different login attempts, the attackers could reduce their login attempts to say 20, or 50 and still try 500 or even thousands of passwords to each request. As you might imagine, this begins to make your mitigation strategy a bit harder to employ.

One of the hidden features of XML-RPC is that you can use the system.multicall method to execute multiple methods inside a single request. That’s very useful as it allows applications to pass multiple commands within one HTTP request.

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC. Read original article here….

Unmasking Free Premium WordPress Plugins

 

http://xxxxsblog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html

WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money: eCommerce, SEO, affiliate and customer management, and so on.

Such plugins may be really great and well worth their price, but not many webmasters are ready to pay for plugins, especially when they can find “free” or “nulled” versions of the same plugins on the Internet. All they need to do is search Google for [<plugin-name> free download].

Getting something valuable for free may sound great, however, in most cases, you won’t get what you expect. After all, you should ask yourself the question, why would someone spend their time to steal software, and then post it to various sites and forums where they can’t even count on any advertising revenue? Usually, the answer is that they expect to take advantage of the sites that install the software they post. How? By adding some undisclosed functionality to the stolen plugins like backdoors, ads, hidden links, and SPAM.

In this post, we’ll talk about “patched” malicious premium plugins. We’ll talk about what they do, how they work, and about websites that build their businesses around stolen WordPress themes and plugins. Read original article here…

Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor

 

http://www.scmagazine.com/pirated-joomla-wordpress-drupal-themes-and-plugins-contain-cryptophp-backdoor/article/385552/

Illegal search engine optimization (SEO) is the goal of attackers who are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor being referred to as CryptoPHP.

Last week Fox-It released a whitepaper on CryptoPHP, and in a Wednesday post the security company revealed that most of the command-and-control domains had been sinkholed or taken down.

Researchers observed 23,693 unique IP addresses connecting to the sinkholes, but by Monday that number had dipped to 16,786, according to the post.

WordPress Security Plugin Vulnerabilities for Oct 30th

 

http://xxxxswww.wordfence.com/blog/2014/10/wordpress-security-plugin-vulnerabilities/

This is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to. Please scan the list below and if you are using any of the products listed, or if you are aware of anyone using the products listed, please take the appropriate action which we include in each bullet point below.

If you are using any of these plugins, please take the action suggested in the bullet point above. Help spread the word to improve WordPress security for the WordPress community.

Keep Track of all WordPress Content Changes

http://www.wpwhitesecurity.com/wordpress-plugins/monitor-wordpress-content-changes-wp-security-audit-log/

When administering a busy multi user WordPress or WordPress multisite blog or website, it is vital to monitor content changes to ensure the integrity of the content, the website’s reputation and also to ensure that no malicious hacker is tampering the content with malicious code and malware.

When the content of a draft or published WordPress blog post, page or custom post type is changed the plugin will log such activity and alert you of such content change with one of the WordPress security alerts mentioned below:

CMS plugins are leaving the security door wide open

White hat hacker warns CMS plugins are leaving the security door wide open

 

http://xxxxswww.daniweb.com/web-development/news/485743/white-hat-hacker-warns-cms-plugins-are-leaving-the-security-door-wide-open

Reading between the lines, the truth of the matter is that the vast majority of holes in the CMS code base, whichever platform you look at, have been found and fixed over the years. Kolochenko actually reckons that 99% of exploitable vulnerabilities in core CMS code fall into this category. So, CMS usage is pretty safe now then? Well, yes, but not 100% so and admins are partly to blame here. Weak passwords and password reuse are right up there at the top of the insecurity tree, along with social engineering attacks against CMS administrators. The compromise crown has to be placed upon the head of XSS vulnerabilities in plugins, made effective because of both the previous weaknesses.


You Have a Great WordPress Website, So Why Isn’t It Up to Date?

It is very important that you keep your WordPress website up to date, as recent events have shown again. See these articles:

Search WordPress Plugins The Best WordPress Plugin Directory Search Engine
Major security vulnerability discovered in popular WordPress plugin
30,000 WordPress Blogs Infected to Distribute Rogue Antivirus Software
WARNING: 200,000 US-based WordPress web pages compromised by hijack injection attack

An argument I have had with many people over the years I have been involved in the computer industry has revolved around security. It usually goes like this:

  • Friend: You should get a Mac; they are so much more secure from viruses than a PC.
  • Me: And why is that? Is their code better?
  • Friend: Well, I am not sure, but they are not attacked.
  • Me: Yup, you’re correct there, but have you ever wondered about that? Think for a moment how much smaller the market is for Macs vs. PCs.
  • Friend: That does not make much difference.
  • Me: Really?

And I am sure you can guess the rest. In a nutshell, it is simple: if you are a large enough target, you will be attacked; it does not really matter what you are. This has become true of WordPress, the largest CMS platform for building a website on the internet. It has become so large that it is estimated that 25% of the web now runs on WordPress. That is a lot of web sites.

So of course the hackers, spammers and scammers have targeted this very large area. In particular, it is much like Windows, with multiple versions in use and many of them insecure. This makes for very easy targets, and let’s face it, the hackers are simply a lazy bunch.

But you do not need to become a statistic and fall prey to the hackers and scammers. All you really need to do is keep your WordPress website up to date. It is a pretty painless process you can do yourself, or you can hire someone like me to handle it for you.

To complete the update, log into your WordPress admin area, click the yellow bar telling you that you need to do updates, and let it walk you through the process. 98% of the time it will be very smooth and have no issues. If you do have any issues, please feel free to contact me at 250-885-2888 or via my contact page to get some help putting you back online.

You can also go to my WordPress Emergency Support Page for an ever growing list of tips that may help out.

John Overall

JohnOverall.com

WordPress Specialist