Month: April 2016

Core WordPress XSS Flaw for Versions 4.5 and Below to Be Released

By Weston Henry

Yesterday on Twitter, Dr.-Ing. Mario Heiderich of security firm Cure53 announced an unauthenticated cross-site scripting flaw in WordPress 4.5 (the current version as of the announcement) and below.

Cross-site scripting, or XSS, flaws are vulnerabilities in a website’s code that let malicious actors execute, or trick visitors or administrators into executing, malicious code in a visitor’s browser.

Tags:   cross-site scripting, WordPress Security, xss
Categories:  WordPress security

Fun In The Sun: WordCamp Jacksonville Recap

By Ashley Baldwin

We can’t believe that our first @WordCampJax is over already! The weekend was filled with new faces, educational talks and some great networking. We were very excited to be present, as this year was Jacksonville’s first! The Camp organizers did an incredible job putting together a fun-filled weekend; one we will not soon forget!

The first-ever WordCamp was held in San Francisco in 2006 and was organized by Automattic CEO Matt Mullenweg. WordCamps have since grown to include six continents, 48 countries, 66 cities and counting. Each individual WordCamp is planned by volunteers and brings its own local flavor. Jacksonville was no exception: with our hotel located near the popular Jacksonville Landing and our after-party event at the eccentric Kickbacks, the Jacksonville team made sure we had a true local experience.

Tags:   WordCamp Jacksonville 2016
Categories:  WordCamp, WordPress security

We Were Wooed

By Logan Kipp

We kicked off our second quarter of 2016 with a trip to weird and wonderful Austin, Texas for the second annual #WooConf! WooConf is an event focused on online store owners and developers who use the eCommerce solution WooCommerce. If you’re in eCommerce and you don’t know what WooCommerce is, you should! Used by more than 37 percent of all online stores on the Internet (according to BuiltWith.com), WooCommerce is the number one eCommerce platform in the world by volume. This year’s conference brought more than 30 top-tier presenters from the space to share their expertise and experience.

Tags:   eCommerce, Wooconf, WordPress
Categories:  WordPress

This Week In Exploits: Know Your Sites (KYS)

By Gregory Bloom

Many individual and small-company forays onto the web are through WordPress on shared hosting accounts, and it’s not uncommon for a shared hosting account to hold multiple WordPress sites as needs and business grow. Site owners maintain each and every WordPress install, managing content, configuration, users and updates. At least they should. Maintaining multiple sites in a single shared hosting account is time-consuming and, as we’ll see, risky, as each site on the account is a point of access that has to be secured.

In this post, we’ll discuss how conglomerating multiple WordPress sites in a single account may not save time and money, and may in fact lead to the compromise of every site on the account. We’ll also discuss how to host securely, keeping all your sites from falling due to a single plugin vulnerability.

Tags:   multisite security, WordPress Security
Categories:  WordPress security