WooCommerce announced their roadmap for the future of WooCommerce, emphasizing two-way communication with the developer ecosystem in order to be responsive to their needs which further the goals of improving the experience for developers, merchants and customers. WooCommerce highlighted seven important areas for innovation and six specific areas that are targeted for enhancements that will … Read more
A week after releasing the troubled version 6.6, WordPress has released another version that fixes seven major issues including two that caused fatal errors (website crashes), another issue that caused a security plugins to issue false warnings plus several more that created unwanted UI changes. Fatal Errors In WordPress 6.6 The one issue that got … Read more
Managed WordPress web host WP Engine announced that they are acquiring NitroPack, a leading SaaS website performance optimization solution. The acquisition of of NitroPack by WP Engine demonstrates their continued focus on improving site performance for clients. NitroPack NitroPack is a relatively pricey but well regarded site performance solution that has for years been known … Read more
The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory of a high severity Cross Site Request Forgery (CSRF) vulnerability affecting the Nested Pages WordPress plugin affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing … Read more
WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing Supply Chain Attack on WordPress plugins. Supply Chain Attack Hackers have been attacking plugins directly at the source using password credentials exposed in previous … Read more
WordPress plugins continue to be under attack by hackers using stolen credentials (from other data breaches) to gain direct access to plugin code. What makes these attacks of particular concern is that these supply chain attacks can sneak in because the compromise appears to users as plugins with a normal update. Supply Chain Attack The … Read more
WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro warned that a SQL Injection vulnerability allows unauthenticated attackers to extract sensitive information from a website database. Dokan Pro WordPress Plugin The Dokan Pro plugin allows user … Read more
Automattic, the company behind WordPress.com, Jetpack, WooCommerce and more, have announced a new program to woo Agencies into their ecosystem of products with more ways to earn revenue. This new program could be seen as putting Automattic into direct competition with closed source systems like Wix and Duda but there are clear differences between all … Read more
Last month WordPress released a way to create or test WordPress sites on the desktop but the app was limited to Apple Mac devices. This month WordPress announces that WordPress Studio is now available for Microsoft Windows. According to WordPress, Microsoft Windows users account for over 25% of WordPress developers. But it’s possible that non-developers … Read more
Joost de Valk, the creator of Yoast SEO plugin, has created a new (and free) plugin for solving a site architecture problem that can silently diminish a website’s ability to rank. Site Architecture Site architecture is an important SEO factor because a well-organized website with clear navigation helps users quickly get to the content and … Read more
WP Rocket, the WordPress page speed performance plugin, just announced the release of a new version that will help publishers optimize for Largest Contentful Paint (LCP), an important Core Web Vitals metric. Large Contentful Paint (LCP) LCP is a page speed metric that’s designed to show how fast it takes for a user to perceive … Read more
WordPress has rolled out an update with version 6.5, introducing native support for the lastmod element in sitemaps. This move streamlines search engine crawl efficiency, potentially enhancing website visibility. The announcement comes from Gary Illyes, a member of Google’s Search Relations team, who took to LinkedIn to commend the WordPress developer community for their efforts. … Read more
Thankfully, there are plenty of steps you can take to protect your WordPress website. Easy WordPress Security Basics When setting up your WordPress site security, there are some basic things you can do to beef up your protection. Below, we will take a look at some of the first things you should do to help … Read more
WordPress announced the rollout of Studio by WordPress, a new local development tool that makes it easy for publishers to not just develop and update websites locally on their desktop or laptop but is also useful for learning how to use WordPress. Learn about Studio and other platforms that are make it easy to develop … Read more
WordPress security scanner WPScan’s 2024 WordPress vulnerability report calls attention to WordPress vulnerability trends and suggests the kinds of things website publishers (and SEOs) should be looking out for. Some of the key findings from the report were that just over 20% of vulnerabilities were rated as high or critical level threats, with medium severity … Read more
WordPress released an official plugin that adds support for a cutting edge technology called speculative loading that can help boost site performance and improve the user experience for site visitors. Speculative Loading Speculative loading is a technique that fetches pages or resources before a user clicks a link to navigate to another webpage. The official … Read more
WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same vulnerability affects both the WordPress core and the Gutenberg plugin. Cross Site Scripting (XSS) An XSS vulnerability was discovered in WordPress that could … Read more
The popular Beaver Builder WordPress Page Builder was found to contain an XSS vulnerability that can allow an attacker to inject scripts into the website that will run when a user visits a webpage. Beaver Builder Beaver Builder is a popular plugin that allows anyone to create a professional looking website using an easy to … Read more
