CogDogBlog: Useful Way to Taste a WordPress Plugin. “Think about it when you are looking to review or pick a WordPress plugin. All you have is what the authors write about it, maybe if lucky a link to a demo. But this ‘trick’ Emma shared lets you actually take [it] out of the Codex for a full test drive.”
WordPress: 7 Best Security Plugins to Protect Your WordPress Site. “If your website is running on WordPress and you haven’t invested in a robust security plugin, your site could be next on the hit list. Thankfully, there are a number of reliable and highly adaptable plugins available for WordPress sites (you can browse a few of the options available at Envato) but how do you know which one is right for your business?”
WP Tavern: rtCamp Launches WordPress Plugin Compare Project. “The team behind rtCamp, a 125-person agency and a WordPress VIP Gold agency partner, has launched a new tool called WordPress Plugin Compare Project (WPPC) to help users extend WordPress with the right plugins for their needs. WPPC lets users search for plugins to compare and customize each selection displayed on [a] chart.”
The Hacker News: YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites. “As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.”
Ars Technica: Researchers find backdoor lurking in WordPress plugin used by schools. “The premium version of School Management, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service JetPack said in a blog post without ruling out that it had been present in earlier versions. This page from a third-party site shows that version 8.9 was released last August.”
Search Engine Journal: How to Block Scrapers, Hackers and Spammers with Wordfence. “Wordfence is a popular WordPress security plugin. Among the features are [a] scanner that monitors for hacked files and a firewall with regularly updated rules that proactively blocks malicious bots. There’s also a useful feature tucked away in the tool that makes user-configurable firewall rules available that can supercharge your ability to block hackers, scrapers and spammers.” These are powerful techniques that look like they could go powerfully wrong, so proceed with caution.
MakeUseOf: The Top 7 Plugins for Cloning a WordPress Website. “Cloning your WordPress website is a useful way of backing up your files or transferring your site to a staging or live environment. You can do this the manual way if you’re comfortable working on the backend of websites. But an alternative approach is to use a WordPress plugin. A plugin is the easier method, and in this article, we’ll take a quick look at seven of the best.”
Search Engine Journal: WordPress Releases a New Performance Plugin. “WordPress announced the release of a plugin called the Performance Lab plugin. It was developed by the WordPress performance team and is designed to help WordPress sites speed up. The plugin gives publishers the opportunity to use new improvements now before they are included in the core of WordPress itself.”
Bleeping Computer: Nearly 30% of critical WordPress plugin bugs don’t get a patch. “Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture. More specifically, 2021 has seen a growth of 150% in the reported vulnerabilities compared to the previous year, while 29% of the critical flaws in WordPress plugins never received a security update.”
Search Engine Journal: Nine WordPress Plugins Expose Over 1.3 Million Sites To Exploits. “Nine WordPress plugins, including popular ad management, malware firewall and database managers were found to have vulnerabilities affecting over 1.3 million websites.”
Bleeping Computer: WordPress force installs UpdraftPlus patch on 3 million sites. “WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII. Three million sites use the popular WordPress plugin, so the potential for exploitation was substantial, affecting a significant share of the internet, including large platforms.”
Bleeping Computer: WordPress plugin flaw puts users of 20,000 sites at phishing risk. “The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.”
Search Engine Journal: All In One SEO Vulnerability Affects +3 Million Sites. “Security researchers at Jetpack discovered two serious vulnerabilities in the All In One SEO Plugin. The vulnerabilities could allow a hacker to access usernames and passwords and also perform remote code execution exploits.”
Bleeping Computer: Massive attack against 1.6 million WordPress sites underway. “Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. The threat actors target four WordPress plugins and fifteen Epsilon Framework themes, one of which has no available patch. Some of the targeted plugins were patched all the way back in 2018, while others had their vulnerabilities addressed as recently as this week.” I’m seeing a definite uptick in compromised WordPress sites in my Google Alerts.