The Weekly round up of news, tips, and information to help you create the best possible WordPress website.
This is a weekly round up of WordPress news I have accumulated from across the web, some old, some new, but always interesting. The news relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.
We try to have news here that is not only important for helping you with your website but also news from the #wpdrama scene and more to share.
Some of the news here will be interesting links, not only to articles but also to training materials and other sources I can find online that will help you create a better WordPress website.
This week we have the following news for you.
Postman SMTP Plugin Forked after Removal from WordPress.org for Security Issues
In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.
The plugin is used to improve the delivery of emails that WordPress generates and it logs the causes of failed emails to help eliminate configuration mistakes. It was installed on more than 100,000 sites before it was removed from WordPress.org. Read original article here…. wptavern.com
The Difference Between GTmetrix, PageSpeed Insights, Pingdom Tools and WebPagetest
If you’ve used any of these tools, you may wonder why the results are sometimes different. The post serves to highlight the key differences in these performance analysis tools.
We’re glad to be in the company of other great tools that offer an in depth look at website performance.
PageSpeed Insights, Pingdom Tools, and WebPagetest all offer similar features to GTmetrix, but there are a few things that should be pointed out with regards to our differences. Read original article here…. gtmetrix.com
Locked Out of WordPress? 4 Solutions When You Can’t Access wp-admin
Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website.
However, let’s take a deep breath, ok? We will get through this. You have a backup of your site, right? Never mind that now. Instead, let’s concentrate on making things better. Read original article here…. elegantthemes.com
Display Widgets Plugin Permanently Removed from WordPress.org Due to Malicious Code
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users. Read original article here…. wptavern.com
How to add a new WordPress user without logging into WordPress
Simply add the below code to your active WordPress theme functions.php file, then visit the site to inject the new user and password into the database.
This will instantly create a new admin user.
Just remember to remove the below code from your functions.php file once you’ve verified the new username and password is working nicely. Read original article here…. hackrepair.com
This week we have the following Security News for you.
Blog | Plugin Vulnerabilities | A service to protect your site against vulnerabilities in WordPress plugins.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems … Read original article here…. pluginvulnerabilities.com
The Man Behind Plugin Spam: Mason Soiza
This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period.
In this post, we explore who is behind the purchase and corruption of the Display Widgets plugin and at least two other popular WordPress plugins.
As part of my research into the sale of the Display Widgets plugin and the subsequent spam that appeared in it, I had reached out to Stephanie Wells, the original author of Display Widgets who sold it. Stephanie got back to me moments after I hit the publish button on our post. Read original article here…. wordfence.com
Topic: Display Widgets Plugin v188.8.131.52 Includes Hacking Code « WordPress.org Forums
This is the latest version of the plugin code (version 184.108.40.206) : https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php
Look at the function on line 186 (pasted below).
Note the name of the function dynamic_page, what do you think a function with name Dynamic Page does?
It creates a DYNAMIC PAGE (a Dynamic WordPress Post) on Display Widget users sites and is loaded using line 299: Read original article here…. wordpress.org
Backdoor WordPress Login Script
I have created this script to allow me to quickly log in to clients' WordPress installs after they have royally messed things up. For example, some clients have changed their admin password and don't know which email account they have used, so this script allows me to quickly create a new user, log in and reset their details without having to muck about with MySQL etc.
NOTE: to use this script you do actually need to have access to the web server and upload the file to their site and then execute it through the browser. Read original article here…. craig-edmonds.com
Cheat Sheet for Analyzing Malicious Software
This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs.
Follow me for more of the good stuff. Read original article here…. zeltser.com
And now for something older from past article collections.
50+ Frequently Asked Questions About WordPress
Have a question? No problem – we get a ton of questions about WordPress every day. To help we thought we’d share and expand on some of the most common questions we’ve been asked about WordPress! We’ll cover tons of topics including:
Not sure if WordPress is right for you? Here are answers to basic questions about WordPress, what it is, how much it costs and more.
WordPress is a popular content management system (CMS) that you can use to power your website on your own hosting plan. WordPress makes creating a blog, landing page, online store, forum or other website possible for users around the world. Read original article here…. wpexplorer.com
A Guide to Designing Better Buttons and CTAs for WordPress
Buttons and calls-to-action fill up relatively little real estate but they’re some of the most important design elements of any website. Considering their importance, getting buttons and calls-to-action right is sort of a big deal.
However, designing buttons can be tricky. There are many design factors to consider when designing buttons – size, color, icons, shape, placement, and text — and call-to-action buttons are even more critical to get right. Read original article here…. premium.wpmudev.org
10 Hottest Web Design Trends You Gotta Know for 2017
The web is a rapidly evolving space. Technologies and development techniques can appear quickly. Ever improving tools allow for greater freedom when designing interfaces and interactions. And because of this, web design patterns and techniques can begin to trend within a short period of time.
Below is a list of web design trends to keep in mind during 2017. They aren’t all new; some are styles that have been gaining and/or maintaining their popularity during 2016. These are expected to continue to be in common use for new websites launched in 2017. Read original article here…. premium.wpmudev.org
A Quick and Dirty Guide to Post Type Templates in WordPress
WordPress 4.7 has delivered some fantastic new enhancements to the CMS’s template system. Templates have now been expanded to include all post types, allowing developers to create more nuanced themes and at the same time allowing site owners to manage content more easily.
But how does it all work? In this article, I’ll show you how to use post type templates in your themes with a few easy examples.
Templates are essentially special files that can change the look and feel of a page and/or add functionality to your WordPress website. Read original article here…. premium.wpmudev.org