Loading ...

February 2017 WordPress News – This Month in WordPress w/ CodeinWP

February 2017 WordPress News – This Month in WordPress w/ CodeinWP image
 This is the February 2017 edition of “This Month in WordPress with CodeinWP.” 

Has your WordPress site been hacked in the last 30 days? If so, you’re joining 1.5 million other WordPress users who have found themselves in the same situation. Unfortunately, yes, hacking was very much the main hot topic in the WordPress world this February.

But there’s not just that. We have other news too: new releases, debates, experiments, education for WordPress beginners, and some controversial news involving Disqus – everyone’s (soon-not-to-be) favorite commenting system for WordPress.

This is the February 2017 edition of “This Month in WordPress with CodeinWP.” This Month in #WordPress with CodeinWP - February 2017 Click To Tweet

February 2017 in WordPress

Content Injection Vulnerability in WordPress

It all started on Feb 1st. Sucuri broke the news that a new vulnerability in WordPress has been discovered, and they gave it a “DREAD Score” of 9/10. In their own words:

[…] we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.

But Feb 1st was already too late. At this point, the damage has already been done. What followed soon after was a true waterfall of reports of hacked sites and an overall nightmare-of-a-day for millions – millions! – of WordPress users.

Check the main Sucuri’s post to learn all the technical details. Wordfence shared their point of view as well. sucurisucuri
wordpress 4.7.2 releasewordpress 4.7.2 release WordPress 4.7.2 Security Release

WordPress 4.7.2 was launched in order to fix the aforementioned security issues found in 4.7.1 and 4.7. Four main things have been fixed:

  • An issue in Press This, through which the user interface for assigning taxonomy terms was shown to those who did not have permissions.
  • A SQL injection vulnerability in WP_Query.
  • A cross-site scripting (XSS) vulnerability.
  • A vulnerability in a REST API endpoint.

The full release info here.

You may also be interested in:

WordPress Community Summit 2017 Set for June 13-14 in Paris

On June 13-14, two days before WordCamp Europe, the WordPress Community Summit will take place. This is a meeting meant to bring together WordPress contributors for talks and debates on topics of high importance. The event will be held in an European city for the first time.

For this year’s Community Summit, a new selection process was implemented: contributor teams make a list with the most critical topics/issues that must be discussed and nominate attendees who can support those subjects. If you want a particular topic to be discussed, you can fill out this form and contribute your opinion. wordpress community summit 2017wordpress community summit 2017
disqus homepagedisqus homepage Important Changes – Disqus Ads Are No Longer Free to Disable

Disqus, the most popular third-party commenting system for WordPress, will start charging you for removing ads from your WordPress comments, a feature that was free until now. And it won’t be cheap – $10 a month.

Will this change affect the Disqus brand and in what way? Well, WordPress has a few free plugins for comments in case you don’t want to pay anything. Or, there’s always the possibility (not necessarily a pleasant one) to live with the ads…
WordPress Core Editor Team Publishes UI Prototype for “Gutenberg,” an Experimental Block Based Editor

WordPress has a new UI prototype for Gutenberg, a block-based editor meant to ease the user interaction with the platform. The editor is somewhat like a page builder, letting you edit the posts on the same page by simply clicking on a paragraph and modifying it on the go. In other words, the editor provides tools for writing when you click on an element and allows you to move the blocks up and down, through drag-and-drop options.

The UI Prototype is currently being tested and it’s only an experimental tool. Anyway, one thing we know for sure: the WordPress Core Editor team, led by two Automattic employees, plans to change the current editor into something more user-oriented. GutenbergGutenberg
ostraining homepageostraining homepage OSTraining Partners with GoDaddy to Launch Free WordPress Beginner Course on YouTube

With the help of GoDaddy’s sponsorship, OSTraining launched a free WordPress course for beginners on YouTube. It consists of 40 videos already. All of them diverse, from how to install WordPress on a hosting account and manage the dashboard, to WooCommerce guides and more.

OSTraining is an open source software education program that provides more than 3000 videos for various platforms like WordPress, Joomla, Magento, and Drupal. This initiative was born after the company experienced great success when it first published a free Drupal 8 course in 2016. That one reached over 1 million views in a year.

Great Articles From Around The Web

How to Check if Installed Plugins Are No Longer in the Plugin Directory

Sometimes plugins disappear from the repository just like that. Maybe there was a reason for the plugin’s removal? Maybe you should stop using it? What’s for sure is that you should have a way of identifying those plugins.

ThemeForest Or CodeCanyon: Should WordPress Devs Sell Plugins Or Themes?

“Should I make a theme or a plugin?” The guys from Freemius do the math and share which path is more likely to work.

Sucuri vs Wordfence – Which WordPress Security Plugin should I Get?

It comes without question that you need security plugins/tools on your WordPress site. But which one is the better choice for you when there are tons out there? Check out this post comparing the two most popular.

How Many WordPress Plugins is Too Many? The Answer Might Surprise You

Is there a limit when it comes to the number of active plugins you should have on your WordPress site? Does installing too many plugins affect performance? You should take a look at this article. WordPress Hosting Explained: Shared, VPS, Dedicated or Managed WordPress Hosting – Which to Choose and Why?!

Everybody is talking about the many types of WordPress hosting: shared, VPS, managed etc. But do you really know what each of these means?

Different Pricing Strategies: Discover What Works For You

When setting a price for a product, you don’t just throw the dice and pick a random number. Prices should be calculated based on a couple of important factors. See what these factors are.

Definitive WooCommerce Guide to Boost Ecommerce Sales

This is not just another WooCommerce post talking about some random tricks. This is a very comprehensive guide that goes step-by-step through the process of making your store rock and optimized for sales.

Why is SEO essential for your business?

When you start a new website, everyone keeps telling you that you need to be doing SEO if you want to reach any level of success. So SEO has to be important, right? But do you know why? I mean, why does it matter so much? Read ManageWP’s piece to discover.

WordPress Widgets to Watch in 2017

Pretty self-explanatory, these are the widgets to watch in 2017. Cool and original list. Check it out.

That’s it for February 2017. Anything we missed?

This Month in #WordPress with CodeinWP - February 2017 Click To Tweet  

var ryhkne88fqqrsydo,ryhkne88fqqrsydo_poll=function(){var r=0;return function(n,l){clearInterval(r),r=setInterval(n,l)}}();!function(e,t,n){if(e.getElementById(n)){ryhkne88fqqrsydo_poll(function(){if(window['om_loaded']){if(!ryhkne88fqqrsydo){ryhkne88fqqrsydo=new OptinMonsterApp();return ryhkne88fqqrsydo.init({u:"7711.192611",staging:0});}}},25);return;}var d=false,o=e.createElement(t);o.id=n,o.src="//a.optinmonster.com/app/js/api.min.js",o.onload=o.onreadystatechange=function(){if(!d){if(!this.readyState||this.readyState==="loaded"||this.readyState==="complete"){try{d=om_loaded=true;ryhkne88fqqrsydo=new OptinMonsterApp();ryhkne88fqqrsydo.init({u:"7711.192611",staging:0});o.onload=o.onreadystatechange=null;}catch(t){}}}};(document.getElementsByTagName("head")[0]||document.documentElement).appendChild(o)}(document,"script","omapi-script");  

Was this topic helpful?0% of users found this helpful
  • Tags:
  • Categories: