WordPress released version 4.8.3 today, which includes a critical security patch. WordPress advises that all versions 4.8.2 and earlier are vulnerable to a SQL injection attack, and that all sites using WordPress should be updated immediately. The vulnerability is in the $wpdb object, where $wpdb->prepare() can create queries that allow attackers to inject malicious code into the MySQL database that powers the site. WordPress reports that the vulnerability does not impact core application files, but may impact plugins and themes that use WPDB. The security team has added hardening to prevent these add-ons from inadvertently creating the vulnerability.
We recommend that all WordPress sites be updated immediately. If you have enabled automatic updates, these should complete within the next 24 hours. Additionally, all plugins and themes associated with your WordPress sites should be updated to their latest vendor-provided versions. This will help to ensure your site is not compromised.
It is also recommended that you utilize a malware and vulnerability scanner, such as those provided with SiteLock INFINITY, to prevent infections on your site.
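A review aid for the plugin and theme code the advisory says may be affected, added here as an example and not WordPress's or SiteLock's own code: it flags `$wpdb->prepare()` calls whose query template contains PHP variables instead of passing every value as a placeholder argument. The regex heuristic, the function name `audit_prepare_calls` and the sample PHP are assumptions constructed for illustration.

```python
import re

# First argument of $wpdb->prepare() when it is a double-quoted PHP string.
PREPARE_DQ = re.compile(r'\$wpdb->prepare\(\s*"((?:[^"\\]|\\.)*)"')
# prepare() calls whose template is a variable assembled somewhere else.
PREPARE_VAR = re.compile(r'\$wpdb->prepare\(\s*\$(\w+)')
PHP_VAR = re.compile(r'\$(\w+)')

# Constructed sample (not taken from any real plugin or theme).
SAMPLE_PLUGIN = r'''<?php
global $wpdb;
$a = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->posts} WHERE ID = %d", $id));
$b = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->users} WHERE user_login = '$name' AND ID > %d", 0));
$where = $wpdb->prepare("meta_value = %s", $meta);
$c = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->postmeta} WHERE $where AND post_id = %d", $id));
$d = $wpdb->get_var($wpdb->prepare($sql, $id));
'''


def audit_prepare_calls(php_source):
    """Return (line_number, reason) pairs for prepare() calls to review by hand."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for match in PREPARE_DQ.finditer(line):
            # {$wpdb->posts}-style table names come from WordPress itself,
            # so only other variables inside the template are reported.
            names = [v for v in PHP_VAR.findall(match.group(1)) if v != "wpdb"]
            if names:
                findings.append(
                    (lineno, "variable in query template: $" + ", $".join(names)))
        for match in PREPARE_VAR.finditer(line):
            findings.append(
                (lineno, "template built elsewhere: $" + match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, reason in audit_prepare_calls(SAMPLE_PLUGIN):
        print(f"line {lineno}: {reason}")
```

The check works one line at a time, so calls split across several lines or templates built by string concatenation still need a manual read.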
’Tis the season to give back, and at SiteLock we are extremely passionate about giving back to the communities where we live and work. We are especially dedicated to supporting STEM (Science, Technology, Engineering and Math) programs for schools in need, and helping to inspire the next generation of technology innovators and pioneers!
According to the U.S. Department of Commerce, in the last decade employment in STEM jobs has grown 24.4%, making it vital that children in school today have access to the necessary tools to keep up with and continue growth in this field. However, most states provide less support per student for elementary and secondary schools than before the Great Recession. In an effort to bring continued awareness to this ongoing issue, SiteLock established a Digital Kids Fund in 2015 to help fund technology-based projects at local schools in Arizona. For every SiteLock product purchased by WordPress customers, SiteLock donates $1 to the fund.
In 2016, SiteLock partnered with DonorsChoose.org, an organization that makes it easy for anyone to help a classroom in need, to fund STEM-related projects in schools in the Phoenix, Arizona and Jacksonville, Florida areas. Through their donation, SiteLock was able to support 198 projects benefitting 19,992 students at 141 schools.
This year, SiteLock has once again joined forces with DonorsChoose.org to fund STEM projects for schools in the Phoenix and Jacksonville areas. To help drive additional advocacy and internal support, SiteLock is allocating additional funds to employees so they can individually choose a STEM-related project to fund.
At SiteLock we are reminded every day of the importance technology plays in our lives and work. Unfortunately, kids go to school every day without the necessary tools to be successful. Through our partnership with DonorsChoose.org and the Digital Kids Fund, we are excited to play our part in helping inspire the next generation of technology experts in our local communities.
As we enter the season of giving, here are some ways you can help too!
WordPress plugins allow users to completely customize their website features and experience for visitors, and also serve as a mainstay of the WordPress experience. It’s safe to say that without them, WordPress wouldn’t have grown to power over 28% of the internet. But did you know that WordPress used to exist without plugins? In this post, I’ll give you a short history of when and why plugins came to be and what the future holds for WordPress because of them.
The SiteLock team recently traveled to Oregon for WordCamp Portland where we had a sponsor table and met many (if not most) of the attendees. It was a busy camp morning for me because I also presented a session titled “5 Steps to Personal and Website Security.” I’m happy to report that my session was received very well among the WordCampers.
First and foremost, I want to give a shout-out to the #WCPDX organizers. They did an excellent job ensuring the sponsor tables were placed in a room that received steady traffic. The tables were set up between the session rooms, also conveniently located next to the coffee, water, and other refreshments.
As with most WordCamps, the session topics were relevant to all types of WordPress users, and the session times were 35 minutes, plus 10 minutes at the end for Q&A. However, there were also lightning talks of 10-15 minutes, which were informative and entertaining.
Ethan Clevenger’s lightning talk discussed how to succeed as a freelancer, and in particular, the reasoning behind raising your prices and how to avoid the fear of making less money. Not only did his talk give valid advice on increasing your revenue while reducing your need to “constantly chase new clients,” but Ethan was also pretty hilarious in the delivery of his content.
Rachel Cherry is a Senior Software Engineer at The Walt Disney Company and delivered a unique and inspiring talk to those in attendance. She showed proof that side projects can lead to bigger things like Apple, Twitter, and even Gmail. The point she made, though, was that they don’t always have to; sometimes side projects can simply be for testing the waters. This could include learning a new software package, drafting a blog about your favorite food to improve your writing skills, or building websites to razz your friends (#hiroy). Judging by the comments after, her talk made those in attendance feel at ease and less worried about their half-done projects.
Andrew Taylor’s talk about automation was great. Specifically, automating as much of your daily workflow as possible in order to put processes in place that you can rely on. This also allows you to be more productive. Even though it was a lightning talk, he packed in both the philosophy behind continuous integration and some actual methods he uses in his day-to-day routine.
Bob Dunn, more commonly known as BobWP online, delivered a great talk on why and how to repurpose any content you’ve created. He’s been blogging for ten years and produces three successful podcasts. How does he do it? You guessed it, repurposing content in order to save time and meet the needs of his different audiences.
We always try to do something a little special at WordCamps, in addition to giving out webcam covers and t-shirts. In Portland, we raffled off an Amazon gift card, which was a fun experience. When reading the winning ticket numbers, we had to go through A LOT of them before we finally had a winner. It actually turned out to be pretty entertaining and helped build anticipation.
By all accounts, WordCamp Portland was a great event and one I know we’ll be back to next year. If you weren’t able to attend and you’d like to know more about SiteLock, I encourage you to read more about our company and products, like malware scanning and auto-removal, as well as our web application firewall options.
See you next year!
© Copyright 2017, SiteLock LLC.