Month: April 2016

Patch for Core WordPress XSS Flaw for Versions 4.5 and Below to Be Released

By Weston Henry

Yesterday on Twitter, Dr.-Ing. Mario Heiderich of security firm Cure53 announced an unauthenticated cross-site scripting flaw in WordPress version 4.5, the current version as of the announcement, and below.

wp-xss-1

Cross-site scripting, or XSS, flaws are vulnerabilities in a website’s code where malicious actors can execute, or trick visitors or administrators to execute, malicious code in a visitor’s browser.

Tags:   cross-site scripting, xss
Categories:  WordPress security
WordCamp Jacksonville 2016

WordCamp Jacksonville 2016 – Fun In The Sun

By Ashley Baldwin

We can’t believe that our first @WordCampJax is over already! The weekend was filled with new faces, educational talks and some great networking. We were very excited to be present, as this year was Jacksonville’s first! The Camp organizers did an incredible job putting together a fun-filled weekend; one we will not soon forget!

The first ever WordCamp was held in San Francisco in 2006 and was organized by Automattic CEO Matt Mullenweg. WordCamps have since grown to include six continents, 48 countries, 66 cities and counting. Each individual WordCamp is planned by volunteers and brings its own local flavor. Jacksonville was no exception, with our hotel located near the popular Jacksonville Landing, and our after-party event at the eccentric Kickbacks, the Jacksonville team made sure we had a true local experience.

Tags:   recap, sitelock events, WordCamp Jacksonville
Categories:  WordCamp
wooconf 2016

WooConf 2016 – We Were Wooed

By Logan Kipp

We kicked off our second quarter of 2016 with a trip to weird and wonderful Austin, Texas for the second annual #WooConf! WooConf is an event focused on online storeowners and developers that use the eCommerce solution WooCommerce. If you’re in eCommerce and you don’t know what WooCommerce is, you should! Used by more than 37 percent of all online stores on the Internet (according to BuiltWith.com), WooCommerce is the number one eCommerce platform in the world by volume. This year’s conference brought more than 30 top-tier presenters from the space to share their expertise and experience.

Tags:   eCommerce, recap, sitelock events, Wooconf
Categories:  WordCamp
WordPress Multisite Security

WordPress Multisite Security

By Gregory Bloom

Many individual and small company forays on the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky as each site on the account is a point of access that has to be secured.

In this post, we’ll discuss how conglomerating multiple WordPress sites in a single account may not save time and money, it may in fact lead to the compromise of every site on the account. We’ll also discuss how to host securely, keeping all your sites from falling due to a single plugin vulnerability.

Tags:   multisite security, shared hosting
Categories:  WordPress security