Keep your site safe – WordPress Security
During our last meetup, I talked about some basic WordPress Security principles. You can read all about it here:
WordPress 4.4 Beta 2 is available for testing. The new version of WordPress will include 3 new important features:
If you’ve had to deal with plugin translations in the past, you know it used to be a cumbersome process: people who translated your plugin had to send you .po and .mo files, and you would commit those files into your plugin’s languages folder in the next release. Things are much easier now, thanks to WordPress.org. All translations happen on translate.wordpress.org. You can contribute to translations for just about any plugin, and as soon as your translations get approved, they’ll be shipped to everyone using the plugin.
Even the readme can be translated, so we’re slowly moving towards a fully localized plugin repository!
Not WordPress news, but something that will affect everyone with a website. Let’s Encrypt is a new free SSL certificate authority, and is now trusted by all major browsers. Soon they’ll start issuing free SSL certificates to everyone who needs one. They contribute to a safer internet for everyone.
XML-RPC is a feature allowing you to interact with a WordPress site. It’s used by the mobile apps, by plugins like Jetpack, by services like IFTTT, and by many other apps and services.
Since it can be used to publish posts remotely, it’s one of the points of entry hackers like to target. They’ll try to authenticate to your site via XML-RPC, and access your site through there.
Unfortunately, it can be abused, and the Sucuri security firm found that hackers had discovered a new way to abuse that feature. They now use a method named system.multicall to execute multiple methods inside a single request. That means they can test several username / password combinations to get into your site in one single request. Consequently, it’s no longer enough to just block folks who make multiple requests to your site’s XML-RPC endpoint in a short period of time; you now have to look at what people do in these requests. We’ll cover how to protect yourself against those attacks in my talk, a bit later.
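To illustrate what "looking at what people do in these requests" can mean, here is an added example (not code from the talk or from WordPress) that parses an XML-RPC request body and counts the calls batched inside system.multicall. The threshold, the function names and the sample bodies are assumptions made for this example; wp.getUsersBlogs is a real WordPress XML-RPC method used here only as sample data.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SUBCALLS = 3  # assumed threshold: tune to what your legitimate clients batch

def inner_methods(body: str) -> list:
    """Return the method names batched inside a system.multicall request body."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD not allowed in an XML-RPC body")
    root = ET.fromstring(body)
    outer = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or outer != "system.multicall":
        return []
    names = []
    # Each batched call is a struct with "methodName" and "params" members.
    for member in root.iterfind("params/param/value/array/data/value/struct/member"):
        value = member.find("value")
        if (member.findtext("name") or "").strip() == "methodName" and value is not None:
            # XML-RPC treats a bare <value>text</value> as an implicit string.
            names.append((value.findtext("string") or value.text or "").strip())
    return names

def assess(body: str) -> dict:
    """Summarise one request body; unparseable bodies are flagged, not ignored."""
    try:
        names = inner_methods(body)
    except (ET.ParseError, ValueError) as exc:
        return {"subcalls": 0, "by_method": {}, "suspicious": True, "reason": str(exc)}
    return {"subcalls": len(names), "by_method": dict(Counter(names)),
            "suspicious": len(names) > MAX_SUBCALLS, "reason": ""}

# Constructed sample bodies (not captured traffic); parameters left empty on purpose.
_CALL = ("<value><struct><member><name>methodName</name><value><string>{m}</string>"
         "</value></member><member><name>params</name><value><array><data/></array>"
         "</value></member></struct></value>")
SAMPLE_BATCH = ("<methodCall><methodName>system.multicall</methodName><params><param>"
                "<value><array><data>" + _CALL.format(m="wp.getUsersBlogs") * 5 +
                "</data></array></value></param></params></methodCall>")
SAMPLE_SINGLE = "<methodCall><methodName>wp.getUsersBlogs</methodName><params/></methodCall>"

if __name__ == "__main__":
    for label, body in (("batch", SAMPLE_BATCH), ("single", SAMPLE_SINGLE)):
        print(label, assess(body))
```

A per-IP request counter sees the batched body as one hit, while this check sees five calls in it, which is the gap the paragraph above describes.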
http://www.meetup.com/Budapest-WordPress-Meetup/events/225778081/
It’s been a while since our last meetup! This time, we’d like to try something different. We haven’t decided about a topic yet and we’d like you to decide what you want to hear about!
Please fill in this survey, and tell us what you’re interested in. We’ll then find speakers and update this post and the Meetup page accordingly.
https://jeherve.polldaddy.com/s/wpbudapest-topics
Thank you!
There were quite a few releases in the past few weeks:
From now on, all themes submitted to the WordPress.org theme repository will have to use the Customizer for their theme options:
If you are not familiar with the customizer, and if you’d like to add options to your theme, I would suggest checking out the Customizer API docs on WordPress.org.
WordPress 4.2 was shipped a couple of weeks ago, and the core developers are already planning 4.3. You can find out more about the focus of the next major WordPress release here:
I would also suggest subscribing to make/flow if you’d like to help with testing and share your opinions.
My WordPress Performance 101 presentation from our third meetup.
You are welcome to ask any question about it, feel free to comment.
Here is a quick recap of last night’s News section. Any questions, shoot!
There were a few important security vulnerabilities discovered in WordPress plugins this month:
For some of these updates, the WordPress Security team automatically updated the plugins remotely, using the automatic update system that was added to WordPress in version 3.7. You can read more about this process here.
This automatic update was really useful to patch a lot of WordPress installations in very little time, but some people felt uncomfortable seeing the WordPress security team update code on their site without their consent. Here is a post arguing against automatic plugin updates: On Automatic WordPress Updates.
The next version of WordPress is just around the corner, and you can help test it! To do so, install this plugin.
To find out what’s new in WordPress 4.2, you can check this post: WordPress 4.2 Beta 1.
Of note, a better plugin installer, a new Press This feature, even more things in the Customizer, and Emojis.
We also talked about the changes to taxonomy terms: you can read more about it here. If you’re a plugin author, you’ll want to review this guide. You can use this plugin to find out if your site includes any shared terms.
If you have any other news to share, post them here!
Discover the Jetpack plugin, and why you should give it a try on your WordPress site.
If you have any questions about my talk, do not hesitate to comment! And if you want to learn more about a specific module, let me know!
Here are the slides for my presentation at WPBudapest meetup.
The presentation included an interactive demo on a test server, which cannot be replicated in the slides 🙂 so if you have any doubts or follow-up questions, please feel free to contact me.
Here is the PowerPoint file of the presentation.
I would like to advise everyone to watch this YouTube video to understand why GPL is the best, and why we would all love to participate for the benefit of the WordPress community.
Some helpful links:
“Themes are GPL, too” by Matt Mullenweg
List of WP marketplaces that sell 100% GPL products
Before we get to post pictures and presentations about last night’s meetup, here is a quick summary of the news topics we talked about.
Ryan Boren and Peter Westwood step down and are replaced by Helen Hou-Sandi and Dion Hulse.
Ryan Boren becomes UX lead for 2015. If you don’t already, I’d suggest following make.wordpress.org/flux to find out more about some of the biggest UX issues in WordPress.
Done with the boring steps appearing when you would install a plugin. Check trunk, it’s already in there. #29820-core
If you follow make.wordpress.org/core, you probably know about the frontend editor that is being worked on. You can already install it on your test sites; it’s worth giving it a try. Here is a walkthrough from Elegant Themes.
Pressnomics is a WordPress conference for entrepreneurs and business owners. A few weeks ago, over 250 attendees met in Phoenix to talk about the economics around WordPress. One of the key events of the conference was a Q&A with Matt Mullenweg, founder of WordPress and CEO of Automattic.
The session wasn’t recorded, but a few quotes generated quite a lot of talk around the future of WordPress, our competitors, and how we need to change to create the next WordPress.
Here are a few of Matt’s quotes:
Matt was referring to plugins transforming WordPress into a turn-key solution including the features that people creating websites have come to expect: social, mobile, stats, … These are all baked into tools like Wix, Squarespace, or Weebly.
Chris Lema – Is the Future Success of WordPress tied to Jetpack?
WP Tavern – How Important is Jetpack on WordPress’ Road to 50% Market Share?
cc @sinisterstuf who will talk about deployment methods in our next meetup!