POPULARITY
21 episodes with wordfence
24 episodes with wordfence
8 episodes with wordfence
4 episodes with wordfence
2 episodes with wordfence
3 episodes with wordfence
2 episodes with wordfence
2 episodes with wordfence
2 episodes with wordfence
Wordfenceは現地時間5月8日、WordPress用プラグイン「The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress」におけるリモートコード実行につながる任意ファイルアップロードの脆弱性について発表した。
✏️ Suscribirse https://youtu.be/UUQZFKMWFao ¡Bienvenidos a un nuevo episodio de Negocios y WordPress! En el episodio 222, abordamos una ronda de preguntas sobre temas cruciales para emprendedores y autónomos que utilizan WordPress. Hablamos sobre cómo valorar planes de mantenimiento, estrategias de captación de clientes, y los plugins imprescindibles para cualquier proyecto web. Si estás buscando mejorar tu negocio digital, ¡este episodio es para ti! ¿Cómo Valorar los Planes de Mantenimiento en WordPress? Estrategias para Establecer Precios Uno de los temas más recurrentes en nuestra comunidad es cómo poner precio a los planes de mantenimiento. Aquí te dejamos algunos consejos: Investiga a la Competencia: Analiza lo que otros ofrecen y ajusta tus precios en consecuencia. Ofrece Diferentes Niveles de Servicio: Considera tener varios planes que se adapten a las necesidades de tus clientes, desde un mantenimiento básico hasta uno más completo que incluya soporte y tareas recurrentes. Incluye Tareas Recurrentes: Piensa en tareas que puedas realizar mensualmente, como informes de SEO, actualizaciones de contenido, o diseño de promociones. Ejemplo de Plan de Mantenimiento Un plan básico podría incluir: Actualizaciones de plugins y WordPress. Copias de seguridad. Soporte limitado. Mientras que un plan más avanzado podría ofrecer: Informes de rendimiento. Tareas de diseño recurrentes. Consultoría mensual. Captación de Clientes: Estrategias Efectivas Definiendo tu Cliente Ideal Para captar clientes, es fundamental que definas quién es tu cliente ideal. Pregúntate: ¿Qué tipo de negocios quieres atraer? ¿Dónde se encuentran estos clientes? Estrategias de Captación Eventos Presenciales: Participa en ferias y eventos de networking para conectar con potenciales clientes. Redes Sociales y Comunidades Online: Utiliza plataformas como LinkedIn o grupos de Telegram para promocionar tus servicios. Contenido de Valor: Crea contenido que demuestre tu experiencia y ayude a tus clientes a entender la importancia de un buen mantenimiento web. Plugins Imprescindibles para WordPress Selección de Plugins Clave Independientemente de si tu web es una tienda online o un sitio estático, hay ciertos plugins que son esenciales: SEO: Utiliza Rank Math o Yoast SEO para optimizar tu contenido. Seguridad: Implementa Wordfence o iThemes Security para proteger tu sitio. Caché: Mejora la velocidad de tu web con WP Rocket o LiteSpeed Cache. Backups: Asegúrate de tener copias de seguridad con UpdraftPlus. Formularios: Usa WPForms o Contact Form 7 para crear formularios de contacto. Plugins para Tiendas Online Si gestionas una tienda online, considera añadir: WooCommerce para la gestión de productos. PDF Invoices & Packing Slips para la generación de facturas. WooCommerce Multilingual para traducir tu tienda. Conclusión En este episodio, hemos cubierto aspectos esenciales sobre la valoración de planes de mantenimiento, estrategias de captación de clientes, y los plugins imprescindibles para WordPress. Recuerda que la clave está en ofrecer un servicio de calidad y adaptado a las necesidades de tus clientes. ¡Queremos Escuchar de Ti! ¿Qué opinas sobre estos temas? ¿Tienes alguna estrategia que te haya funcionado? ¡Déjanos tus comentarios y no olvides suscribirte a nuestro canal para más contenido sobre WordPress y negocios digitales! Preguntas Frecuentes y Respuestas ¿Cómo se valora el precio de un plan de mantenimiento? Se puede hacer un estudio de lo que hacen otros y adaptar los precios a tus preferencias. Es recomendable tener varios planes que se adapten a diferentes necesidades, y el precio debe basarse en la experiencia y el valor que ofreces. ¿Qué incluye un plan de mantenimiento? Un plan de mantenimiento puede incluir actualizaciones de plugins, copias de seguridad, soporte técnico, informes de rendimiento y SEO, y tareas recurrentes personalizadas según las necesidades del cliente. ¿Cómo conseguir clientes y convencerlos de trabajar contigo? Es importante definir qué tipo de clientes deseas atraer y en qué te quieres diferenciar. Busca eventos y comunidades donde se muevan esos clientes y ofrece un valor claro que les haga ver la inversión en tus servicios como algo necesario. ¿Qué plugins son imprescindibles para una web? Algunos plugins imprescindibles incluyen: Seguridad: Solid Security o Wordfence. Optimización: LiteSpeed Cache o WP Rocket. SEO: RankMath. Formularios: JetForm Builder. Copias de seguridad: UpdraftPlus o BackWPup. ¿Cómo se hace un mantenimiento web efectivo? Un mantenimiento efectivo incluye tareas recurrentes, informes de mejoras, y un enfoque proactivo en la optimización y seguridad del sitio. Es importante personalizar el servicio según las necesidades del cliente. ¿Qué hacer si un cliente no valora la importancia de una web? Educar al cliente sobre los beneficios de tener una web y cómo puede impactar en su negocio. Comparar el mantenimiento de una web con otros gastos fijos que tienen en su negocio puede ayudar a que lo entiendan mejor. ¿Es posible tener Elementor y Brics en la misma web? Aunque se pueden instalar ambos, no se recomienda usar dos constructores de páginas a la vez, ya que puede causar conflictos y problemas de visualización. Es mejor elegir uno y trabajar con él. ¿Qué hacer si un cliente prefiere usar plataformas como Buxy en lugar de tener su propia web? Explicar las ventajas de tener una web propia, como el control total sobre el contenido y la personalización, así como la posibilidad de construir una marca más sólida. ¿Cómo se pueden ofrecer servicios de mantenimiento web a clientes que no están interesados? Cambiar la forma en que se presenta el servicio, enfatizando que el mantenimiento es esencial para el funcionamiento continuo y la seguridad del sitio, y que es una inversión necesaria para el éxito del negocio.
איך לחסום בוטים בהתחברות ובהרשמה שלכם לאתר בוורדפרס: https://itayverchik.co.il/bot-blocking/ מוטרדים מבוטים שמנסים להתחבר או להירשם לאתר שלכם? בסרטון הזה נלמד אתכם איך לחסום בוטים ולהגן על האתר שלכם מפני התקפות ורישומים לא רצויים. נציג את הכלים והטכניקות שיכולים לעזור לכם לשמור על אבטחת האתר ועל חווית משתמש נקייה. נושאים מרכזיים בסרטון: הבנת האיום של בוטים: למה חשוב להגן על האתר שלכם מפני בוטים וכיצד הם עלולים להשפיע על האבטחה והביצועים של האתר. שימוש ב-reCAPTCHA: איך להוסיף reCAPTCHA לטפסי ההתחברות וההרשמה כדי לוודא שרק משתמשים אמיתיים מצליחים לעבור. תוספים לחסימת בוטים: סקירה של תוספים מובילים לוורדפרס כמו Wordfence, WP Bruiser ו-CleanTalk, שמספקים הגנה מקיפה מפני בוטים. הגבלת נסיונות התחברות: איך להגדיר הגבלות על מספר נסיונות ההתחברות כדי למנוע התקפות brute force. הגנה על טפסי הרשמה: טיפים להקשחת טפסי ההרשמה ולמניעת רישומים אוטומטיים לא רצויים. שימוש בחומת אש: איך להפעיל חומת אש להגנה נוספת מפני בוטים ותקיפות סייבר. בדיקה וניטור: איך לבדוק שההגנות פועלות ולנטר פעילות חשודה באתר שלכם. בסוף הסרטון, תדעו איך לחסום בוטים בצורה יעילה ולהגן על האתר שלכם מפני איומים נפוצים, כך שתוכלו לשמור על בטיחות המשתמשים שלכם ועל פעילות תקינה של האתר. אם נהניתם מהסרטון וקיבלתם ערך, אל תשכחו להירשם לערוץ, ללחוץ על הפעמון כדי לקבל התראות על סרטונים חדשים, ולשתף את הסרטון עם חברים ובעלי אתרים שמחפשים לשפר את האבטחה באתרי הוורדפרס שלהם. תודה שצפיתם בסרטון!
How to Block Bots in Your Login and Registration Forms on Your WordPress Website: https://itayverchik.com/bot-blocking/ Are bots trying to log in or register on your WordPress website? In this video, we'll show you how to block bots and protect your site from unwanted registrations and login attempts. Learn the tools and techniques that can help you secure your site and keep it running smoothly. Key Topics Covered: Understanding the Bot Threat: Why it's important to protect your site from bots and how they can affect your website's security and performance. Using reCAPTCHA: How to add reCAPTCHA to your login and registration forms to ensure only real users can pass through. WordPress Plugins for Bot Protection: A review of the best WordPress plugins like Wordfence, WP Bruiser, and CleanTalk, which offer comprehensive bot protection. Limiting Login Attempts: How to set up limits on the number of login attempts to prevent brute force attacks. Securing Registration Forms: Tips on hardening your registration forms to prevent unwanted bot sign-ups. Using a Firewall for Extra Protection: How to activate a firewall for additional security against bots and cyber threats. Monitoring and Testing: How to ensure your bot protection measures are working and how to monitor suspicious activity on your site. By the end of this video, you'll know how to effectively block bots and protect your WordPress site from common threats, keeping your users and site safe. If you found this video helpful, don't forget to subscribe to the channel, hit the bell for notifications on new videos, and share your thoughts in the comments below. Share this video with other website owners who want to enhance their WordPress security and block unwanted bots. Thank you for watching!
Today, we're discussing the lawsuits coming out of AT&T's massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity's critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future. References: For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/ Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/ Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the Episode: AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates Search Phrases: AT&T 73 million data breach details Legal consequences of cybersecurity failures How to secure WordPress sites from SQL injection Impact of LayerSlider plugin vulnerability Preventing Microsoft Exchange cyber attacks Enhancing cloud service cybersecurity Best practices in digital security updates Addressing identity theft and data breaches Cybersecurity insights for tech professionals Cyber risk management strategies Lawsuits following major data breaches Plugin security for WordPress administrators Learning from cybersecurity breaches Updates and security in technology law Prevention strategies for cyber attacks Transcript: Apr 4 Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers. As class action lawsuits begin to mount, also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the Layerslider plugin, which can expose these sites to SQL injection attacks. How can WordPress admins protect themselves from this vulnerability? And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft's Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60, 000 U. S. State Department officials emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out. So it's been two days since my last episode, in which I highlighted the most recent AT& T breach. Well, it's been a long couple of days, the reason there were no new episodes is because I lost internet, and you might be thinking, Hey, you just finished slandering AT& T on this podcast on Monday, and then your AT& T internet goes out? That's correct. There's really no other explanation other than aT& T is seeking revenge against the Daily Decrypt. But I digress. To recap what has happened, AT& T has admitted to a data breach exposing sensitive information of 73 million customers this breach included usernames, social security numbers, email addresses, and AT& T PINs used to make secure account changes on AT& T customer accounts. The timeline reveals that AT& T's initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies. The leaked data isn't from the past year or even couple of years. The leaked data is from 2019. And it includes 7. 6 million current customers and 65. 4 million former AT& T account holders, which I guess says a lot about AT& T's churn rate, that they have 65 million former customers and only 7 million current customers. Needless to say, a lot of data was breached. Now, what's fascinating about this is that this was brought to AT& T's attention in early 2021 and they denied it. And then another threat actor group released the same data from 2019 and early 2024 AT& T also denied that. They're just saying that they don't know this data doesn't belong to them. This data wasn't stolen from their systems when clearly it was. So only in the last week did AT& T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently. Most notably, there's one from Morgan Morgan, which is the same law firm that's been suing Google over the fact that it tracks users data even when they're in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that. And they're accusing AT& T of negligence, breach of implied contract, and unjust enrichment. And they're aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT& T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence. I'm really glad to see these lawsuits are being spun up. As you heard in Monday's episode, I was calling for multiple class action lawsuits.. So yeah, I hope you get the crap suit out of you. And yes, I am an AT& T customer.. If you are also an AT& T customer and you're concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned. com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised. Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff. All right. Well, there's another WordPress vulnerability out there with a CVSS score of 9. 8 out of a 10 max. The name of the plugin? Layerslider. This plugin is used by over 1 million sites. and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to WordFence, earning the researcher 5, 500 bounty. The vulnerability affects layer slider version 7. 9. 11 through 7. 10, which as mentioned before, allows for SQL code injection. And just to quickly discuss what SQL code injection is, it's when data is queried from a database to be populated on a website. Those databases use a language called SQL or SQL that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands. using SQL. They can essentially pull anything they want out of the databases. So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that's social security numbers, that's vulnerable too. Despite the severity though, the attack is limited to a time based blind SQL injection, which relies on observing response times to infer data. And this type of SQL injection is hard to detect, but it's also hard for the attacker to get large amounts of data. It's more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer. The good news is that the flaw was quickly addressed by the plugin's developers, Creatura, who released an update to version 7. 10. 1 on March 27th, so within 48 hours of being notified. If you are a layer slider user, please go update immediately to mitigate this risk. WordPress is built on the use of plugins. That's what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. The DailyDecrypt. com is a WordPress site, and I'm having a hard time setting up notifications for outdated plugins. It's not very intuitive. Granted, I don't use any plugins other than the podcast plugins hosts this podcast and I'm constantly on the site making sure everything's updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they'll put up their site. It's a shop. They respond to orders they get, but they don't actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don't have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website. and just go check to make sure all the plugins are up to date. It's a really quick check, and if they're not up to date, you just press a little button and update them. You're likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button. All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they've officially declared that the intrusion into Microsoft Exchange Online that exposed about 60, 000 U. S. State Department emails, was entirely preventable. This report criticizes Microsoft's corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRF, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security focused changes. The report, released by CSRF, details the compromise of key U. S. officials mailboxes by China affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place? Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes. It's worth noting that Microsoft has been very cooperative throughout the CSRB's investigation, and are definitely willing to listen to the suggestions and make some changes, so That's step one, that's Way better than what AT& T did when confronted. Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They're at the center of our tech universe and even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows server and Windows machines. And if you've been listening for a while, you've heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft without multi factor authentication on their development accounts. Attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft. We got to get this fixed. They're starting to crack down. We're going to keep an eye on them. We're going to keep reporting what happens at Microsoft. Hopefully nothing else big because they hold a lot of data. in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse in the cloud service provider. So yeah, hopefully they're throwing some money at this. They're spinning up some new teams and they're really looking at legacy infrastructure. It's a pretty old product that they're continually building on. So they need to start peeling away these layers of this product and figure out how they can boost up security. They need to be leading. and setting a good example for smaller companies by being so secure. Well, that's the show. That's all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram or The Daily Decrypt and send us a comment or a DM. We'd love to hear from you. Until then, we'll talk to you some more tomorrow.
A security breach on your website can cause serious damage to your business. AI For WordPress is here to explain how you can protect your website using the powers of artificial intelligence. Learn more at https://aiforwordpress.com/ai-for-wordpress-security/ AI For Wordpress City: New York Address: 60 W 23rd St Website https://aiforwordpress.com/ Phone +1-877-675-4340 Email scott.hall@betteronlineinfo.com
Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed' domain. Then they reflect on 2023's Live Hacking Event circuit, and preview what's to come in 2024's.This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! If you wanna pop some crits and see those bounties roll in, head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount. Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today's GuestEpisode Resources:ShockwaveWhy So SerialNew LHE Standards DroppedTimestamps:(00:00:00) Introduction(00:02:37) wwwroot .zip Hack Recap(00:13:44) Swagger File Hack Recap(00:18:27) Undisclosed URL Hack Recap(00:24:29) 2023 LHE Circut Recap(00:37:14) 2024 LHE Preview and New Standards(00:47:22) Bug Bounty Motivation
Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work with Google, and then chat about some of the recent Google Vulnerability Programs.This episode is sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! Head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!—— Links ——Follow your hosts Rhynorater & Teknogeek on twitter:—— Ways to Support CTBBPodcast ——Sign up for Caido using code CTBBPODCAST for a 10% discount.Hop on the CTBB DiscordDiscord premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest:https://twitter.com/erbbysamSam Erbs Static SecretSecurity Now PodcastBIMI:Andhttps://bimigroup.org/Google Device Vulnerability Reward Program InitiativesGoogle Invalid ReportsHacking GoogleTranscripts(00:00:00) Introduction(00:02:50) Hacker Methodology with Sam Erb(00:12:20) Balancing Bug Hunting and Personal Life(00:15:53) Deep Diving on a program and using automation.(00:27:00) Optimizing Bug Hunting and Understanding Attack Vectors(00:39:22) Collaboration and Boundaries(00:45:42) Career Development and Entrepreneurship(00:55:13) Winning Black Badges at DEFCON(00:58:02) BufferOver(01:09:11) Working at Google(01:19:23) Google Bug Bounty Programs(01:31:41) BONUS Cool Bugs
Bienvenido a una nueva edición de WP A DAY, tu fuente de Inteligencia Artificial para conocer las últimas noticias y actualizaciones en el mundo de WordPress. Hoy es domingo, 12 de noviembre de 2023. En las noticias de hoy, tenemos un puñado de noticias interesantes. En primer lugar, el 7 de noviembre de 2023 se lanzó WordPress 6.4, pero después del lanzamiento se descubrió un bug relacionado con las solicitudes HTTP en algunas páginas web. Después de una investigación exhaustiva, se identificaron las condiciones necesarias para reproducir el problema. Se implementaron soluciones temporales y se lanzó WordPress 6.4.1 para solucionar el bug. Hasta el momento, aproximadamente el 93% de los sitios han actualizado a la versión 6.4.1. Para evitar problemas similares en el futuro, los colaboradores están explorando formas de probar con diferentes versiones de curl. Aunque se esfuerzan por mantener la compatibilidad con versiones anteriores, se recomienda siempre usar las versiones más actuales y soportadas del software. El lanzamiento de WordPress 6.4.1 fue posible gracias a la colaboración de más de 45 contribuidores en todo el mundo. Encuentra la noticia completa en make.wordpress.org. Y siguiendo con la actualidad, según el pronóstico anual de ventas minoristas navideñas de Deloitte, se espera un aumento de entre el 3,5% y el 4,6% en las ventas minoristas durante el período noviembre-enero de 2023. Para ayudar a preparar tu sitio web a tiempo, se ha creado una guía de verificación de Santa Claus: Preparación del sitio web para una exitosa temporada navideña. Esto incluye estrategias de contenido festivo, decoración del sitio web, optimización de palabras clave navideñas, velocidad del sitio web, marketing en redes sociales y correo electrónico, gestión de inventario y atención al cliente y comunicación. El objetivo es aprovechar al máximo la temporada navideña y convertir a los visitantes en clientes. Más datos en managewp.com. Y para finalizar, el fundador de Wordfence, Mark Maunder, comparte su perspectiva sobre cómo generar crecimiento y promover la innovación en el ámbito de la seguridad web. Destaca cómo, a lo largo de los años, ha logrado un crecimiento significativo al ofrecer servicios gratuitos y enfocarse en la creación de software de calidad. El objetivo final es asegurar la web y seguir liderando la innovación en seguridad de WordPress. Tienes toda la información en wordfence.com. Esto resume las noticias de hoy sobre las actualizaciones de WordPress. Asegúrate de consultar nuestra sección de enlaces relacionados para obtener más información sobre estas historias. Si te gustó este episodio, suscríbete al podcast y deja una reseña. Para obtener la transcripción y los enlaces a los artículos mencionados en este programa, visita Blogpocket.com. Gracias por escucharnos y nos vemos en el próximo programa.
In this episode, Pete and Jeff consider the elements you need to consider when preparing a website for launch.Pre-requisitesWe're assuming you already have:Built the site properlyBrowser-checked it the responsive layoutsPopulated it fullyFigured out your caching Pre-LiveUnblock Search EnginesSEO Plugins & Basic Set UpBusiness Details in Schema / SEO Plugin301 Redirects of old URLs to new URLsSite Title / Tagline (remove "Just another WordPress Website", etc)Are Web and Home URLs updated to live siteRemove standard posts / hello world contentMake sure GA4 is installedMake sure tracking codes are copied over from the previous siteEnsure all plugins / themes / wordpress updates are complete (even if they're not on a maintenance plan, you should hand the site over with 0 updates required).Run an SEO Health AuditMake sure there is only 1 H1 tag per pageRun a full check for any placeholder textMake sure forms submitTake payment gateway of of Test / Dev Mode (if applicable)Check load times on all page templates are less than 3 seconds (absolute maximum)Check Social Media links are correctConfirm 404 page is set correctlyEnsure Cookies and Privacy Policies are correct / up-to-dateInstall security plugin (like Wordfence of iThemes)Check all contact forms go to the clients email address Post-LiveSubmit to Google Search Console (this might involved submitting a new (different) sitemap.xml URLMake sure SSL Certificate is installedSet up Instant Indexing for Bing and GoogleSet up maintenance plan (if the client has signed up)Send Website Owners Manual (with agreement for maintenance plan if they're not signed up already)Ensure all licensed plugins have the new (live) domain authenticated on them
המדריך המלא על ההגדרות הנכונות של התוסף Wordfence: https://itayverchik.co.il/wordfence-options/ במדריך זה, אני מסביר איך להגדיר נכון את Wordfence בשביל אבטחה מירבית באתר וורדפרס. הצטרפו עכשיו לקהילה של בוני ומקדמי האתרים הטובים בישראל בחינם לגמרי: https://www.facebook.com/groups/israelwp לרכישת אלמנטור פרו, מעצב העמודים בוורדפרס הטוב בעולם: https://trk.elementor.com/2500 --- Send in a voice message: https://podcasters.spotify.com/pod/show/itay-verchik/message
The Complete Guide On The Correct Settings Of The Wordfence Plugin: https://itayverchik.com/wordfence/ In this guide, I explain how to correctly configure Wordfence for maximum security on a WordPress site. Join now the community of Webmasters and SEO Marketers completely free: https://www.facebook.com/groups/itayverchik To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 --- Send in a voice message: https://podcasters.spotify.com/pod/show/itay-verchik/message
Noticias, ideas y trucos sobre WordPress, Gutenberg, Full Site Editing y más. Este vídeo se publicó originalmente en Blogpocket.com el 28 de abril de 2023. 00:00 - Presentación. 00:17 - Paso 1: Alojar el sitio web en un servicio de alojamiento web (Top hosting o hosting verde), del estilo de GreenGeeks o SiteGround. 02:07 - Paso 2: Instalar WordPress. 04:05 - Paso 3: Optimizar la seguridad, con un plugin del estilo de Wordfence. 04:58 - Paso 4: Optimizar el SEO, con un plugin del estilo de Yoast SEO. 05:30 - Paso 5: Optimizar el rendimiento WPO. En el caso de GreenGeeks, su plugin LiteSpeed Cache sirve con creces para optimizar el rendimiento. En el curso de GreenGeeks puedes obtener información precisa para configurarlo. Por otra parte, el Método Blogpocket de optimización de un sitio web de WorPress, se basa en la obtención de un sitio inicial optimizado al 100%. 07:15 - Paso 6: Optimizar la legalidad (RGPD y cookies) con plugins del estilo de Adapta RGPD y Complianz. 09:20 - Paso 7: Flecos (Akismet, Updraft Plus, Optimize Database, etc.) 11:08 - Paso 8: Diseño del front-end con Gutenberg y el editor del sitio. 12:27 - Despedida.
WordPress 6.2 is slated for release on March 28. Among its most impactful new features will be the integration of the Openverse media search. This will allow users to add images, audio, and video that are available via a Creative Commons license.While Openverse integration adds a layer of convenience, there was some debate about how the feature initially worked. As Sarah Gooding of WP Tavern reports, the first iteration (released in version 15.1 of the Gutenberg plugin) simply hotlinked to images, rather than uploading files to the user's website by default.Users had the option to upload the image via the WordPress Media Library. However, the default hotlinking behavior meant that some users would inevitably leave things as they are. This could run afoul of privacy regulations like GDPR in the European Union.Meanwhile, WordPress core contributor Jeremy Herve created a ticket that called attention to the potential issue. Others have since raised questions regarding usage rights - including the right to crop or otherwise modify media.The debate has led to a change in plans. WordPress contributors reacted swiftly and now the feature will upload Openverse images by default. A fallback has also been implemented that warns users when an image couldn't be uploaded. Check out WP Tavern's follow up for more details on how things evolved.Links You Shouldn't MissThere are more acquisitions to report in the WordPress space. First, Caseproof, makers of the MemberPress plugin, have acquired rival MemberMouse. In the announcement, MemberPress Creator and CEO Blair Williams says both products have different audiences and thus will remain separate offerings.Next up, Syed Balkhi announced that tutorial service WP101 has been acquired by Awesome Motive. Balkhi notes that the acquisition furthers his goal of creating the “best class-room style WordPress training videos to help WordPress grow in enterprise, government agencies, as well as at the school and collegiate level.”The democratization of publishing is a stated goal of WordPress. To see proof of it in action, look no further than the Prison Journalism Project. Sarah Gooding profiled the organization and its use of WordPress to help incarcerated writers to connect with the outside world.From the Grab BagNow it's time to take a look at some other interesting topics shared by our contributors.The popular All in One SEO plugin recently patched two security vulnerabilities. It's recommended that users upgrade to the latest version as soon as possible. Security firm Wordfence provided further detail on their blog.Back in July 2022, we reported that WordPress blog WPLift was sold to an undisclosed buyer. It's been revealed to The WP Minute that Boston-based agency UnlimitedWP is the new owner.A new proposal aims to display more topic-based meetups in the WordPress News & Events dashboard widget.Take in the sights of the recent WordCamp Asia with BobWP's recap of the event.With so many recent changes to WordPress content creation and theming, web designers need to adjust. Justin Tadlock explored the topic on the WordPress Developer Blog.Speaking of themes, developer Anders Norén announced that his collection of free block themes are now compatible with features added in WordPress 6.1.If you're looking for some inspirational stories, People of WordPress has you covered. Recent profiles Hauwa Abashiya and Daniel Kossmann are worth a read.Thanks to all of the members who shared these links today: Jeff ChandlerAmber HindsAbha Thakor ★ Support this podcast ★
What's on tap for WordPress core in 2023? Project executive director Josepha Haden Chomphosy recently outlined some big picture goals. By design, the post is light on detail. Haden Chomphosy says the list represents a view from “10,000 feet”.Perhaps the biggest item mentioned is the completion Phase 2 of the Gutenberg project, which focuses on the customization of the Block and Site editors. From there, the project will begin exploring Phase 3, where collaborative functionality will be on the table.Other areas of interest include improvements to media management, adding Openverse search in WordPress core, and the return of the WordPress Community Summit.The goals are ambitious and there is a lot of work to be done. With that, Haden Chomphosy also put out a call for volunteers.Links You Shouldn't MissFor WordPress product makers, identifying a target audience can be challenging. There is often difficulty in balancing new features, support, and marketing. After a few years of catering to publishers of all sizes, Newsletter Glue's Lesley Sim has decided to train her product's focus on newsrooms and media companies. In a blog post, Sim explained the reasons behind the shift and what it means for current customers.The folks at Awesome Motive have made their second major acquisition this month. This time around, they've purchased Thrive Themes. Known for the Thrive Architect and Thrive Theme Builder products, the company also touches on the LMS, automation, and marketing niches.Wordfence has released their annual State of WordPress Security report. Takeaways include a higher number of reported vulnerabilities, while fewer of them were categorized as “critical unauthenticated”. One constant is the need to keep your WordPress installation up-to-date. Neglect is still a huge factor when it comes to security. ★ Support this podcast ★
Eine Lernplattform ist kein Wunderwerk der Technik. Und trotzdem ist es mir eine Folge wert, unter die Motorhaube zu schauen. Inhalt der Folge: * Meine Technik in der Lernplattform "World of FPGA" * Das Grundsystem Wordpress * Die Erweiterungen (Plugins) * Wordfence * Digimember * Mailpoet * Yoast SEO * AutomatorWP * bbPress * WebinarPress * Blubrry * Externe Tools * Digistore24 * Youtube Live * Vimeo Trage Dich auch gerne in meinen Newsletter ein. Du findest eine Möglichkeit auf der Webseite zu dieser Folge. Der Beitrag IF185 – Technik Einblick erschien zuerst auf Ingenieurbüro David C. Kirchner.
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Picture of the Week. A malware operation known as URSNIF. Pwn2Own Toronto 2022. Citrix and Fortinet recently released security updates to patch 0-day vulnerabilities. Patch Tuesday. Another Uber breach? Elon Botches 'Bot Blockage. Vivaldi integrates Mastodon in its desktop browser. 5,200 Dutch government warnings. CIB: "Coordinated Inauthentic Behavior" GitHub to require 2FA by the end of next year. Bye bye SHA-1. WordFence's VERY useful looking WordPress add-on vulnerability database. Closing The Loop. SpinRite. A Generic WAF Bypass. Show Notes https://www.grc.com/sn/SN-902-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsor: plextrac.com/twit
Matt Mullenweg held court at the annual State of the Word event on December 15. Several topics were touched, including the use of Gutenberg outside of WordPress, the return of in-person Meetups and WordCamps, and the announcement of a Community Summit set to take place in 2023. Mullenweg also detailed a change to the WordPress.org Plugin and Theme repositories. Taxonomies have been added that allow authors to categorize their products as “commercial” or “community” - among other labels. The goal is to help users better understand the purpose of and level of support provided by theme and plugin authors. The feature is opt-in, and it's already being put to use by some products. As usual, the event was packed with insight and information. The WP Minute has a handy summary of key moments, along with a full transcript. It's accompanied by a video highlight package that condenses the entire event down to just over 16 minutes. You'll also want to check out State of the Word recaps from both Sarah Gooding at WP Tavern and Courtney Robertson at GoDaddy. Links You Shouldn't Miss There's a new competitor in the WordPress email newsletter space. WordPress.com Newsletter was announced this week. The feature allows users to publish new posts as email newsletters, collect subscribers, and design a template. Monetization features are in the works with details forthcoming. Meanwhile, our own Matt Medeiros offers his analysis of the product via a new video. The subject of WordPress nostalgia seems to be popular these days. The WP Minute's Eric Karkovack looks at why that is and how it could help us shape the future of the community. Security firm Wordfence has released a free vulnerability database API. Hosting companies, security researchers, and individual users will have access to a continuously updated repository of vulnerabilities. The company hopes that the community “will turn this data into free and commercial security products that will improve the security of the WordPress community.” What does the future look like for ClassicPress? The open source project is a fork of WordPress that retains the TinyMCE-based Classic Editor. A new poll asks users whether the content management system should be “re-forked” to WordPress 6.0 or continue along its current path, based on WordPress 4.9. Classifieds listings buy yours TweetGrab crawls your site and turns any embedded Tweets into screenshots with the click of a button. ZipMessage Record and swap messages asynchronously with clients and others using video, screen, audio or text + Embed video intake forms in WordPress. MainWP 4.3 includes Client Management, a new default theme, and an easy way to organize clients & sites from a single dashboard.
The WordPress news from the last week which commenced Monday 12th December 2022.
The WordPress news from the last week which commenced Monday 12th December 2022.
The WordPress news from the last week which commenced Monday 7th November 2022.
The WordPress news from the last week which commenced Monday 7th November 2022.
The advent of WordPress Full Site Editing (FSE) has sparked plenty of discussion within the community. But it's not just the technical aspects that have received attention. Giving the feature a more user-friendly name has also been a hot topic. On November 4, 2022, WordPress project Executive Director Josepha Haden Chomphosy announced that the feature will be simply referred to as the “Site Editor”. Simplicity was only one consideration, however. Haden Chomphosy notes that the term can also be effectively translated into hundreds of languages. Given WordPress' considerable international user base, a consistent name is desirable. Paired with the Block Editor, the Site Editor name should provide users with a clearer distinction between editing environments. Links You Shouldn't Miss When we discuss the challenges facing WordPress, we often focus on WordPress core. However, The WP Minute's Eric Karkovack says that the WordPress Ecosystem Needs Closer Scrutiny. He opines that what happens in the world of themes and plugins can be just as consequential. The phrase “Just another WordPress site” should be familiar to anyone who has installed the software. It's been the default setting for the Site Tagline for years - but no more. Sarah Gooding at WP Tavern reports that, as of WordPress 6.1, the tagline is now blank. For the sake of nostalgia, the phrase does stick around in the form of placeholder text. In the wake of WordPress.org's removal of active install growth data from the plugin repository, developers are still looking for relevant information. In response, the folks at AyeCode have launched wp-rankings.com. The site scrapes the repository's popular plugin data and shows historical comparisons for active installations. WP Tavern has more details on the project. If you couldn't make it to Spain for WordCamp Sevilla this past weekend, the event has published a virtual tour using the Spatial metaverse platform. Visitors can create an avatar, walk around the space, and access a stream of the event. Classifieds listings buy yours See your ad in this space! From the Grab Bag Now it's time to take a look at some other interesting topics shared by our contributors. Designer Anders Norén has released Oaknut, a WordPress block theme that lets users create a profile page similar to that of Linktree. Big Orange Heart have announced that their WordFest Live event has been rescheduled to Friday, December 16, 2022. If you run a WooCommerce store and use Stripe for payment processing, be on the lookout for fraudulent orders. Wordfence takes a look at a security flaw in the Blog2Social WordPress plugin
In today's podcast we cover four crucial cyber and technology topics, including: 1. Criminals target over 4 million sites with Tex4shell 2. EnergeyAustralia notifies customers of data exposure 3. Metro facing huge cyber event; likely ransomware attack 4. U.S. government says Daixin Team ransoming healthcare sector I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Editor's note: How I imagine the background music to WordCamp US 2022 News The new default theme, Twenty Twenty-Three, will be a stripped-down base theme with many style variations built by the WordPress design community. This theme is being released to make theme development exciting again. Jump over to the Gutenberg times to read about variations and see the latest on the “good and bad”. WordPress.com has announced that they can build and design a website for new business owners, in four business days or less. If you are on a budget, the cost is $499, plus an additional purchase of the WordPress.com premium plan. It will be interesting to see how this will grow and if it has any impact on the WordPress professional freelance community. Security Wordfence PSA: on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being exploited in BackupBuddy, a WordPress plugin that has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information. There is minimal sharing about the details of this vulnerability as it is still an active threat. If you are interested in reading more jump over to the Wordfence website. Sarah Gooding over at WPTavern wrote an article that WordPress' Security Team announced it will be dropping support for versions 3.7 through 4.0 on December 1, 2022. Events WordCamp US has started! Michelle Frechette writes about how to make the most of your Wordcamp US experience with fewer participants and dealing with COVID restrictions. Use the official #WCUS hashtag to follow the online WCUS conversation. If you are there, say hi to Raquel Landefeld who is our community lead at the WP Minute. If you are a new camper, go listen to the Matt Report and Gina Marie Innocent to get more ideas on how to make the most of your WordCamp experience. From Our Contributors and Producers Phil Crumm has a thread on Twitter that the WordPress community is uneasy about the growing pace of acquisitions. His hot take may be correct as the news that GridPane has completed a seed round of funding, including a significant strategic investment from Automattic, the parent company of WordPress.com, WooCommerce, WordPress VIP, and Jetpack. Another acquisition Rocketgenius, the company behind Gravity Forms, has acquired Gravity Flow and Gravity Experts. The acquisition will help the Gravity Forms community by strengthening the portfolio of WordPress product offerings.
Gutenberg News Last week there was a bunch of new stuff with Gutenberg 13.8.0. Birgit Pauli-Haack discusses all the new features with Grzegorz Ziolkowski over on the changelog podcast. You can hear about Fluid Typography, updates to Block APIs, and WordPress 6.1 Planning. The Gutenberg Editor is testing On Tumblr and Day One Web Apps. Sarah Gooding over at WPTavern writes about the details of using the betas on Tumblr and Day One. Check that out. WooCommerce WooCommerce 6.8 has been released. Smart Shipping for new sites has been added to this release. You can see all of the recent updates by checking out the WooCommerce site. Events WordCamp Asia sold out of tickets on their first batch of standard and micro sponsor tickets in just 1 day. The second batch of tickets will be available soon. From Our Contributors and Producers The Free Rider topic around WordPress got a lot of discussion going in the WP Minute Slack channel. Joe Casabona published a podcast episode on why free riders are necessary and really not a problem that needs to be solved. If you really want to democratize publishing, then you can't expect everyone to contribute. You have to accept and welcome the free riders. Eventually, they may want to contribute and be part of the open source community. Joe was also interviewed by Brian Coords over on MasterWP. WordCamp US is right around the corner. If you are an introvert that will be attending, you may want to listen to the Matt Report podcast with Ken Elliott. Ken is a self-described “networking introvert” that built a WordPress agency with his co-founder and he will be emceeing WordCamp US next month. WordCamp US is sold out but you will be able to live stream for free. The first beta release of Advanced Custom Fields PRO 6.0. is now available. It has improved performance for Repeater fields with large datasets, and a new generation of ACF Blocks with block JSON support. Go check that out if you are interested. Marie Comet shared on Twitter a little experiment of bulk converting Classic WordPress posts to Gutenberg posts. You can check out this tool for converting classic posts to blocks and provide feedback. Wordfence has looked at the threats to Ukrainian websites since the invasion of Russia. This cyber-war has been going on since mid-March and this blog post shows the statistics for the threats. For WordPress developers that have been using Desktop Server for many years, it was sad to see ServerPress is closing. If you are a Premium Subscriber, you will have support until your subscription is up. Check out the just-released int
In this episode of The Artist Inclusive Podcast, host Daniel Lamb gives some gratis insight into a cornerstone of his marketing practice: getting yourself online in a professional manner. From acquiring domain names and hosting websites, all the way to ideas for securitization, Daniel demystifies the cloud by going step-by-step through his own highly sought-after process. Listen to this episode of The Artist Inclusive Podcast to get real, valuable information from a professional in the field - especially useful for those struggling to gain a foothold on the world wide web. Resources mentioned in the episode:Domains: www.namecheap.com/DIVI Theme: https://www.elegantthemes.com/Gravity Forms: https://www.gravityforms.com/Wordfence: https://www.wordfence.com/Mailchimp: www.mailchimp.comJoin Our Facebook Group: artist inclusive | Facebook Website: Artist Inclusive Connect https://www.hollandcreative.io daniel@hollandcreative.io IG: https://instagram.com/conversioncopydesign https://www.dashofcopy.com anna@dashofcopy.com IG: Dash of Copy (@dashofcopy)
Auch kleine Onlineshops sind interessant für Hacker. Egal wie viele Klicks du generierst oder wie viele Verkäufe du hast - Spam, Malware und andere Cyberattacken machen da keinen Unterschied. Wie kannst du Fake Bestellungen/ Formulareinträge, Hacks und DDos Attacken im E-Commerce verhindern? Alle das heute in einen neuen Handel 4.0 Podcast Folge mit Malte Helmhold und Paul Noah Brunn von Die Berater Online Marketing Außerdem erfährst du hier etwas über Geoblocking und wie du Tools wie Wordfence, reCaptcha, HCaptche, FriendlyCaptcha und Honeypot für dich nutzen kannst, um Angirffe abzuwehren. Gesponsert von Die Berater Online Marketing. Solltest du Ideen für Folgen oder Fragen zu uns oder unserer Agentur haben, dann schreib uns gerne an podcast[a]dieberater.de oder besuche uns auf www.dieberater.de.
Rob Cairns talks about how WordFence trolled Godaddy in the Security space. Show Highlights: How the article had lots of bad information in it. How WordFence did not follow proper security disclosure. How this could have been handled.
It was recently reported that you can purchase six popular Automattic plugins right from your WordPress.com dashboard. Donna Cavalier shares what's coming for plugins, themes and services that will be additionally available for purchase right through the WordPress.com dashboard to expand your options. You can sign up over on WordPress.com for early access if you would like to know what is coming. The Museum of Block Art MOBA is a cool pop up site of virtual [block] art. This site was recently created by community members in the WordPress world. With WordPress 5.8 and WordPress 5.9 coming out with nifty design tools, members decided to show what can be created. It is worth your time to check out the site for beautiful block ideas and see how to create your own new designs. WooCommerce WooCommerce 6.3 was released. The updates include changes to WooCommerce Blocks, WooCommerce Admin, and the Product attributes lookup table. You can check out release posts for 6.8.0 and 6.9.0 to see what's new. This release should be backwards compatible with the previous version. Security Patchstack released their State Of WordPress Security In 2021 The Highlights: New WordPress security vulnerabilities were up 150% compared to the previous year.29% of WordPress plugins with critical vulnerabilities received no patch.99.42% of vulnerabilities originated from Plugins and Themes (compared to 96.22% in 2020) From Our Contributors and Producers Jonathan Bossenger has released a plugin in the WordPress repository that displays a customized banner and link on your site to show solidarity for Ukraine. You can check out an example of how he has used #StandWithUkraine. Wordfence has been standing with Ukraine by blocking lots of malicious requests aimed at their sites. They deployed their commercial real-time threat intelligence for free, to all Ukrainian websites with the .UA top-level domain. Jeff Golenski announced the facelift of WPScan. WPScan joined the @automattic family last year. The latest issue of the Gutenberg Times covers a lot of the new features of blocks and patterns in Gutenberg 12.7. There are many March social learning events listed in this issue if you would like to participate and keep up with the latest developments. The WPMinute discussion continued this week about the retirement of WordPress Multisite. Chris Weigman wrote a great article on where Multisite shines. His article is worth checking out. Next up a Simplified Business Minute by Sam Muñoz! Thanks to all of the members who shared these links today: Jeff ChandlerDaniel SchutzsmithMichelle FrechetteBirgit Pauli-HaackEric Karkovack Thanks to Mary Job for purchasing us a virtual coffee this week! ★ Support this podcast ★
Video: Update k Ukrajině, NVIDIA a Samsung data leak – SecurityCast Ep#98 - YouTube 00:00 Úvod 00:52 Úspěchy IT armády Ukrajiny 03:15 Leak zdrojových kódů Conti ransomware skupiny 05:30 Wordfence chrání Ukrajinské weby na WordPressu 07:20 Avast vypustil dešifrovací nástroj pro kmen ransomwaru HermeticRansom 08:08 Roskomnadzor v Rusku zablokoval Facebook, Twitter a další zpravodajské weby 08:57 Ruská vláda zveřejnila seznam 17 576 IP adres, které byly údajně použity ke spuštění DDoS útoků vůči Rusku 10:16 Společnost NVIDIA potvrdila, že utrpěla kybernetický útok a údajný útok na Samsung. Pro nejaktuálnější dění nás sledujte na Twitteru @AlefSecurity.
La guerra in Ucraina è iniziata, e ci si interroga su come gestire risorse online in tempi di guerra.WordFence invia una guida che presentiamo qui negli aspetti essenziali.https://www.wordfence.com/blog/2022/02/ukraine-under-attack/Vi aspettiamo su privacykit.it per gli altri episodi e su privacynews.it per gli approfondimenti dalla rete.
News There have been a lot of people working with the latest 5.9 WordPress release and reporting their successes and failures. Tammie Lister wrote a post about the features in the editor and would like people to quit using the term FSE - Full Site Editing in 2022. The release is not an all-or-nothing proposal yet. Matt Medeiros created a video on the future of page builders with Gutenberg when a discussion on Discord started with Justin Ferriman, a WPMinute producer. Go check out that video to see if you agree with the future of Gutenberg. Anne McCarthy writes about some practical ways to lock your projects for clients and users that can make changes to a WordPress website. The new template locking API that was released in 5.9 along with newer tools like theme.json continues to be modified to adapt to the user experience. The WordPress Photo Directory recently hit 1,317 photos and continues to grow. There has been a new Slack Channel created and the team is looking for volunteers and moderators to work on a new site being set up on the make network. The team needs help working through issues in the coming months. So… As we head into the iterative part of Gutenberg's phase 2, there will be changes for the community of users as they continue to look at WordPress. Josepha Haden Chomphosy writes that the Theory of Technology adoption that will come in three parts. Keep visiting make.wordpress.org to continue to get the latest updates. Security PHP Everywhere, a utility for web developers to be able to use PHP code in pages, posts, the sidebar, or anywhere with a WordPress Gutenberg block has Remote Code Execution vulnerabilities. WordFence reported that there are three critical vulnerabilities in PHP Everywhere all leading to remote code execution in versions of the software below 2.0.3. There was a patched version of the plugin rolled out so if you are using this make sure that you are up to date as soon as possible to keep your WordPress site...well up to date. From Our Contributors and Producers Justin Tadlock over at WPTavern wrote a recent article about the Clarity AdBlocker for WordPress. Ads and upsells have been showing up in WordPress dashboards and many in the community have been complaining about it over the past few years. For many that get that exposure through the WordPress dashboard, this announcement was not well-received (to say the least). If the default full-screen editing mode and welcome guide in WordPress is annoying when you first visit the edit interface, you can jump over to GitHub to grab the drop-in snippet to disable it. Some may say that PHP is dead (or dying). There is a comprehensive article over at Kinsta that per W3Techs, PHP is used by 78.1% or almost 4 out of 5 websites. PHP seems to be very much alive and faster than before when updated to the latest release. You can go check out this article for the latest benchmarks. Are you one of those people who hate working through your inbox and approach it with dread? There is a new interesting email product called Shortwave that provides a new experience with threads, history, and bundles. You should check it out as an interesting tool to organize your email and provide a nicer experience. If you are a Beaver Builder Pagebuilder user, it is great to know that they have released a free library of courses. Next up is the Creator Minute from our producers Michelle Frechette and our Simplified Business Minute...Sam Munoz “WP Career Summit” by Michelle Frechette Transcript This is Michelle Frechette with your WP Community minute. April 8 marks the first-ever WordPress Career Summit. Tracks will be dedicated to those looking for jobs and for employers. The job seeker track will include sessions geared toward helping those look for employment with talks about the job search, applying, and interview preparation. The employer track will include sessions around recruiting, onboarding, managing remote teams, and more. Over the last few years, I've watched people searching for jobs, and I've seen companies posting openings. The job market has been difficult for many. My hope is that a career summit like this will help both sides of the hiring table, while also allowing sponsors to show why you should apply to work for them. Sponsor spots are still open. This is a Post Status event, and I'm the organizer, so reach out if you have any questions. WP Career Summit is free to attend. For more information and to register, visit wpcareersummit.com! “Simplified Business Minute” - Sam Muñoz Thanks to all of the members who shared these links today: Daniel SchutzsmithBirgit Pauli-HaackJoe CasabonaJeff ChandlerDave Rodenbaugh New Members We would like to welcome Thomas Maier Founder and CEO of Advanced Ads and webgilde GmbH to the WPMinute. If you haven't noticed, the WPMinute got a fantastic new paint job...more than a paint job...also under the hood. This thing is screaming fast. Thanks to Mike Oliver for designing the new WPMinute theme for us built on Generate Press. If you are looking for somebody that does amazing front-end design and optimization, look no further than WPMinute Producer, Contributor, and web developer Mike Oliver. Thanks to his hard work on the redesign. Thanks to you, dear listener, for tuning in to your favorite 5-minutes of WordPress news every Wednesday. ★ Support this podcast ★
This week's WordPress news for the week commencing Monday 31st January 2022
This week's WordPress news for the week commencing Monday 31st January 2022
המון תוספים, המון פרצות והמון נפילות.. מערכת וורדפרס היא הפשוטה והמורכבת ביותר יחדיו. היא המערכת הפופולארית והפריצה ביותר בעולם, אך יש פתרון לכל דבר. תוסף האבטחה הטוב ביותר לאבטחת האתר וורדפרס שלכם WordFence: https://itayverchik.co.il/wordfence/ --- Send in a voice message: https://anchor.fm/itay-verchik/message
Síguenos en: Sabemos que no es un tema agradable, y ojalá no necesitéis nunca aplicar nuestros consejos, pero por desgracia si gestionamos o llevamos el mantenimiento de muchas páginas web, seguramente antes o después nos encontremos con un caso de malware, o hackeo. ¿Qué podemos hacer en esos casos? ¿Qué tal la semana? Semana esther Mucho movimiento de vuelta de Navidades: altas de mantenimiento, modificaciones de clientes, etc… Semana Nahuai Ayudando a clientes de OsomPress con problemas de hosting. Consultoría adopta mi mente. FESBAL nos envió un agradecimiento escrito y dijo que el dinero recaudado alimentará a 5082 familias.
Síguenos en: Sabemos que no es un tema agradable, y ojalá no necesitéis nunca aplicar nuestros consejos, pero por desgracia si gestionamos o llevamos el mantenimiento de muchas páginas web, seguramente antes o después nos encontremos con un caso de malware, o hackeo. ¿Qué podemos hacer en esos casos? ¿Qué tal la semana? Semana esther Mucho movimiento de vuelta de Navidades: altas de mantenimiento, modificaciones de clientes, etc… Semana Nahuai Ayudando a clientes de OsomPress con problemas de hosting. Consultoría adopta mi mente. FESBAL nos envió un agradecimiento escrito y dijo que el dinero recaudado alimentará a 5082 familias. ???? Hacer llamamiento para pedir soporte de SEPA Stripe en Restrict Content Pro https://stripe.com/docs/sources/sepa-debit Contenido Nahuai 3 nuevos tutoriales en Código Genesis de los cuales destaca: Crear un elemento de menú directo al checkout de una suscripción en Easy Digital Downloads Tema de la semana: ¿Qué hacer cuando nos hackean una web? 2 pasos: LimpiezaAnálisis vulnerabilidad para evitar que se repita. Tipo de hackeo: Base de datosFicheros Base de datos: inserción de código malicioso en múltiples campos y tablas. Restaurar copia de seguridad Ficheros: Creación de ficheros nuevos o modificación existentes, añadiendo código malicioso al principio o final del archivo Si es posible -> restaurar copia completa anterior al hackeo. Actualización de WP, plugins y themes Escaner y limpieza con Wordfence -> detecta archivos que no forman parte de WP y los que han sido modificados. Revisión por FTP -> Según fecha de modificación. Una vez realizada la limpieza, debe escáneres en los días posteriores para detectar lo antes posible si se ha reproducido. Activar alertas del plugin de seguridad y revisión manual por FTP. Si no localizamos el origen del ataque -> Consultar al soporte del hosting por si tienen más información o por si ha podido venir de otro sitio de un hosting compartido. Hackeo de sitemap -> Enviar por Google search console el sitemap correcto y solicitar desindexación de las urls que vayamos detectando. Novedades Tip de la semana https://themes.gutenberghub.com Menciones Ángel nos comenta las limitaciones del FTP cuando son muchos ficheros y nos recomienda Forklift (dentro de la suscripción de Setupp). Gracias a: Este episodio está patrocinado por StudioPress, los creadores de Genesis Framework, el entorno de trabajo de temas más popular de WordPress. Ya está disponible Genesis Pro para todo el mundo, 360$ anuales que dan acceso a: Genesis FrameworkChild themes de Genesis de StudioPress1 año de hosting en WP EnginePlugin Genesis Pro (Diseños y secciones, restricción de bloques por usuarios…) y Genesis Custom Blocks Pro.
Plugins mentioned during this episode:Sucuri: https://sucuri.net/ iThemes Security Pro: https://ithemes.com/security/ WPScan: https://wpscan.com/Wordfence: https://wordpress.org/plugins/wordfence/ General Info:If you want to get a hold of us, or you would like to be a guest on our show simply click here: https://www.lbmsllc.com/contact-us/Is there a topic you would like us to cover? Send an email to info@lbmsllc.com or simply call 888-416-7752Want a free evaluation of your digital marketing presence? Simply click here: https://www.lbmsllc.com/online-presence-report/and we'll send you a free snapshot report to get started.For a copy of my book, 7 Steps to Recession-Proofing Your Business, click this link: https://www.lbmsllc.com/bookConnect With Us On Social Media:Facebook: https://www.facebook.com/lbmsllcInstagram: https://www.instagram.com/lbmsllc/Twitter: https://twitter.com/lbmsllcLinkedIn: https://www.linkedin.com/company/local-business-marketing-solutionsAlignable: https://www.alignable.com/fanwood-nj/local-business-marketing-solutionsConnect With Frank Directly on LinkedIn: https://www.linkedin.com/in/fdemming/YouTube: https://www.youtube.com/channel/UC97CxzX4YnOazsF39DOe34A
1. Pánico inicial. Jueves 12 de marzo por la noche. En casa. Coronavirus. Reviso ingresos de Amazon... Caída de ingresos de afiliación en Amazon.2. Analizar desde cuando en Amazon y comprobar con Google Analitics y posibles causas. Vacaciones, cambio de algoritmo, nos han superado, penalización, ataque, problema técnico, cambio que hemos hecho, actualización de plugin o tema, no me muestra la home y los títulos tampoco o son raros, sólo tráfico de Google o también de rrss o referidos, en otras webs también?...3. Revisar cambios antes de esa fecha. Apunta los cambios en notas de Google Analitycs. Cuánto ha caído el tráfico? 10%? 50%? 80%?4. Revisar emails de avisos Google Search Console.5. Revisar código fuente. botón derecho y ver código fuente6. Revisa robots.txt. Luego sitemap y redirecciones. (en plugins y htaccess)7. Escribe en Google site:borjagiron.com y revisa a qué afecta y cómo se muestra. ¿Avisos de Google?8. Ver Search Console. Errores graves. Puede que haya otros errores que no tengan que ver. ¿Caídas de servidor?9. Analiza con herramienta SEO enlaces (seo negativo) y caída de posiciones.10. Herramienta - Salud del sitio. En WordPress.11. Tratar de acotar el problema. y haz los cambios oportunos. (Volver a versión anterior del tema, desinstalar plugin, revisar cambios en versiones de plugins que tengan fix o actualización por problema, revisar plugin de SEO, revisar si alguien ha tocado, revisar redirecciones...) Si necesitas ayuda escribe al soporte de tu hosting. Pregunta en grupo de Telegram, en foros...12. Yo tengo varias webs que son copias con las que se puede jugar y están en Google también. Veo versiones y comparo.13. Hay que esperar. Puede que unas horas o unos días. Esto es lo malo. No sabes cuanto tiempo ni si los cambios son los apropiados.Tras 2 días si no pasa nada, volver a ver el proceso. Hazlo por la mañana.14. Prevenir: Plugin de volver atrás en versiones de temas y plugins WP Rollback. Plugin copia de seguridad updraft plus y en hosting. Wordfence. Cambiar acceso de admin. Cambiar contraseñas. Cambiar nombre de usuarios. Apuntar los cambios. Monitorizar y revisar Google de vez en cuando. Estar en buen hosting. Tener el contacto de alguien que pueda ayudarte. ¿Hora de migrar? ¿Hora de cambiar el tema?15. https://uptimerobot.com16. Restaurar copia de seguridad desde hosting o con updraft plus17. Debes diversificar fuentes de ingresos18. Trabaja la marca. Esto hace que Google se piense si quitarte más tiempo.19. Estuve en total 4 días con la caída de tráfico pasando de 9.000 a 3.000 visitas al día. 70% de caída.20. Optimicé otras webs y tras 2 días subieron x3 las visitas y los ingresos x4.Detectar - Analizar - Descubrir punto - solucionar - revisar - prevenir - revisar de nuevo
1. Pánico inicial. Jueves 12 de marzo por la noche. En casa. Coronavirus. Reviso ingresos de Amazon... Caída de ingresos de afiliación en Amazon. 2. Analizar desde cuando en Amazon y comprobar con Google Analitics y posibles causas. Vacaciones, cambio de algoritmo, nos han superado, penalización, ataque, problema técnico, cambio que hemos hecho, actualización de plugin o tema, no me muestra la home y los títulos tampoco o son raros, sólo tráfico de Google o también de rrss o referidos, en otras webs también?... 3. Revisar cambios antes de esa fecha. Apunta los cambios en notas de Google Analitycs. Cuánto ha caído el tráfico? 10%? 50%? 80%? 4. Revisar emails de avisos Google Search Console. 5. Revisar código fuente. botón derecho y ver código fuente 6. Revisa robots.txt. Luego sitemap y redirecciones. (en plugins y htaccess) 7. Escribe en Google site:borjagiron.com y revisa a qué afecta y cómo se muestra. ¿Avisos de Google? 8. Ver Search Console. Errores graves. Puede que haya otros errores que no tengan que ver. ¿Caídas de servidor? 9. Analiza con herramienta SEO enlaces (seo negativo) y caída de posiciones. 10. Herramienta - Salud del sitio. En WordPress. 11. Tratar de acotar el problema. y haz los cambios oportunos. (Volver a versión anterior del tema, desinstalar plugin, revisar cambios en versiones de plugins que tengan fix o actualización por problema, revisar plugin de SEO, revisar si alguien ha tocado, revisar redirecciones...) Si necesitas ayuda escribe al soporte de tu hosting. Pregunta en grupo de Telegram, en foros... 12. Yo tengo varias webs que son copias con las que se puede jugar y están en Google también. Veo versiones y comparo. 13. Hay que esperar. Puede que unas horas o unos días. Esto es lo malo. No sabes cuanto tiempo ni si los cambios son los apropiados. Tras 2 días si no pasa nada, volver a ver el proceso. Hazlo por la mañana. 14. Prevenir: Plugin de volver atrás en versiones de temas y plugins WP Rollback. Plugin copia de seguridad updraft plus y en hosting. Wordfence. Cambiar acceso de admin. Cambiar contraseñas. Cambiar nombre de usuarios. Apuntar los cambios. Monitorizar y revisar Google de vez en cuando. Estar en buen hosting. Tener el contacto de alguien que pueda ayudarte. ¿Hora de migrar? ¿Hora de cambiar el tema? 15. https://uptimerobot.com 16. Restaurar copia de seguridad desde hosting o con updraft plus 17. Debes diversificar fuentes de ingresos 18. Trabaja la marca. Esto hace que Google se piense si quitarte más tiempo. 19. Estuve en total 4 días con la caída de tráfico pasando de 9.000 a 3.000 visitas al día. 70% de caída. 20. Optimicé otras webs y tras 2 días subieron x3 las visitas y los ingresos x4. Detectar - Analizar - Descubrir punto - solucionar - revisar - prevenir - revisar de nuevo
WP Builds Newsletter #49 - New Gutenberg blocks, Wordfence Central and DuckDuckGo rising
WP Builds Newsletter #49 - New Gutenberg blocks, Wordfence Central and DuckDuckGo rising
© 2020-2025 Ivy Podcast Discovery LLC
