WordPress News Roundup: 4.0, Plugin Problems and More

by Jason Unger, Founder

It’s been a big few weeks for the WordPress community.

Last Thursday, WordPress 4.0 (nicknamed “Benny” after legendary bandleader Benny Goodman) was released to the public. While it certainly brings some new features and improvements over the previous versions, the fact that it’s a “round number version” doesn’t mean it’s an overhaul or brings drastic changes — it doesn’t.

The WordPress team has put together this video to show off some of the updates:

If you don’t want to watch the video, here are the bullet points:

  • The Media Library has gotten an upgrade, with easier viewing and editing of media files
  • Embedding YouTube videos, Tweets and more is much easier — all it requires is pasting in the URL (that’s a lot easier than worrying whether or not the HTML code you’ve pasted in will stay if you switch back to the Visual Editor)
  • Easier to see plugin information when searching for and adding a new plugin to the site
  • The Content editor now expands as you write, and formatting tools stay with you as you add new content

Digital Ink clients will have their sites updated to WordPress 4.0 (many already have been).

Big Security Problems with the Revolution Slider

The Revolution Slider, a popular plugin bundled with many themes from ThemeForest (one of the most popular theme markets) and available independently from CodeCanyon, a plugin marketplace, was found to have a pretty big security hole in it.

The security team at Sucuri explains:

This is used to steal the database credentials, which then allows you to compromise the website via the database.

This type of vulnerability is known as a Local File Inclusion (LFI) attack. The attacker is able to access, review, download a local file on the server. This, in case you’re wondering, is a very serious vulnerability that should have been addressed immediately.

It’s a big deal. Part of the problem is that many sites have this plugin because it’s bundled in with the theme they’ve purchased, which doesn’t allow them to update the plugin independently.

According to WP Tavern, more than 1,000 themes on ThemeForest have potentially been affected by the issue. If you’re not sure if the theme you’re running has the vulnerability, click on this link to see if it’s listed.
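
As an added example (not from the original post or from Sucuri), here is one way a site owner could check web server access logs for the kind of local file read described above. The log lines, plugin path and parameter names are constructed for illustration, and the list of sensitive files is an assumption (wp-config.php is where WordPress keeps its database credentials).

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request part of a common/combined log line: IP ... "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Assumption: files worth alerting on when they appear in a request parameter.
SENSITIVE = ("wp-config.php", "/etc/passwd", ".htpasswd")
# A ".." path segment, with either slash style, anywhere in the value.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e%252e -> %2e%2e -> ..)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lfi_attempts(lines):
    """Return (ip, status, param, value) for parameters that look like file reads."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qsl decodes once; fully_decode catches double-encoded values.
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw).lower()
            if TRAVERSAL.search(value) or any(s in value for s in SENSITIVE):
                hits.append((ip, status, name, value))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical plugin path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /wp-content/plugins/example-slider/image.php?img=../../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [01/Jan/2000:10:01:05 +0000] "GET /index.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 512',
    '198.51.100.20 - - [01/Jan/2000:10:02:11 +0000] "GET /?s=benny+goodman HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves the most attention: the server answered the request, so the database password should be treated as exposed and rotated.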

Speaking of Security …

While we’re on the topic of security, the company behind WordPress, Automattic, announced it has recently acquired BruteProtect, developers of a popular security management plugin.

The plugin offered a premium service that Automattic is making free to both users of its hosted WordPress.com platform and standalone WordPress users (through its Jetpack plugin). BruteProtect stops malicious login attempts from robots, provides uptime monitoring and is developing malware scanning tools, according to TechCrunch.

The story of BruteProtect’s development is a good one — read it here on their blog.

About Jason Unger

Jason Unger is the Founder of Digital Ink. He built his first website on Geocities, and hasn't looked back since. Digital Ink tells stories for forward-thinking businesses, mission-driven organizations, and marketing and technology agencies in need of a creative and digital partner.
