Has your WordPress site been hacked in the last 30 days? If so, you’re joining 1.5 million other WordPress users who have found themselves in the same situation. Unfortunately, yes, hacking was very much the hot topic in the WordPress world this February.
This is the February 2017 edition of “This Month in WordPress with CodeinWP.”
February 2017 in WordPress
It all started on Feb 1st. Sucuri broke the news that a new vulnerability in WordPress had been discovered, and they gave it a “DREAD Score” of 9/10. In their own words:
But Feb 1st was already too late. By that point, the damage had already been done. What followed soon after was a true waterfall of reports of hacked sites and an overall nightmare-of-a-day for millions – millions! – of WordPress users.
Check Sucuri’s main post to learn all the technical details. Wordfence shared their point of view as well.
WordPress 4.7.2 was launched in order to fix the aforementioned security issues found in 4.7.1 and 4.7. Four main things have been fixed:
- An issue in Press This, through which the user interface for assigning taxonomy terms was shown to those who did not have permissions.
- A SQL injection vulnerability in WP_Query.
- A cross-site scripting (XSS) vulnerability.
- A vulnerability in a REST API endpoint.
The full release info is here.
On June 13-14, two days before WordCamp Europe, the WordPress Community Summit will take place. This is a meeting meant to bring together WordPress contributors for talks and debates on topics of high importance. The event will be held in a European city for the first time.
For this year’s Community Summit, a new selection process was implemented: contributor teams make a list with the most critical topics/issues that must be discussed and nominate attendees who can support those subjects. If you want a particular topic to be discussed, you can fill out this form and contribute your opinion.
Disqus, the most popular third-party commenting system for WordPress, will start charging you for removing ads from your WordPress comments, a feature that was free until now. And it won’t be cheap – $10 a month.
Will this change affect the Disqus brand and in what way? Well, WordPress has a few free plugins for comments in case you don’t want to pay anything. Or, there’s always the possibility (not necessarily a pleasant one) to live with the ads…
WordPress has a new UI prototype for Gutenberg, a block-based editor meant to ease the user interaction with the platform. The editor is somewhat like a page builder, letting you edit the posts on the same page by simply clicking on a paragraph and modifying it on the go. In other words, the editor provides tools for writing when you click on an element and allows you to move the blocks up and down, through drag-and-drop options.
The UI Prototype is currently being tested and it’s only an experimental tool. Anyway, one thing we know for sure: the WordPress Core Editor team, led by two Automattic employees, plans to change the current editor into something more user-oriented.
With the help of GoDaddy’s sponsorship, OSTraining launched a free WordPress course for beginners on YouTube. It already consists of 40 videos on diverse topics, from how to install WordPress on a hosting account and manage the dashboard, to WooCommerce guides and more.
OSTraining is an open source software education program that provides more than 3000 videos for various platforms like WordPress, Joomla, Magento, and Drupal. This initiative was born after the company experienced great success when it first published a free Drupal 8 course in 2016. That one reached over 1 million views in a year.
Great Articles From Around The Web
Sometimes plugins disappear from the repository just like that. Maybe there was a reason for the plugin’s removal? Maybe you should stop using it? What’s for sure is that you should have a way of identifying those plugins.
ThemeForest Or CodeCanyon: Should WordPress Devs Sell Plugins Or Themes?
“Should I make a theme or a plugin?” The guys from Freemius do the math and share which path is more likely to work.
Sucuri vs Wordfence – Which WordPress Security Plugin should I Get?
It comes without question that you need security plugins/tools on your WordPress site. But which one is the better choice for you when there are tons out there? Check out this post comparing the two most popular.
How Many WordPress Plugins is Too Many? The Answer Might Surprise You
Is there a limit when it comes to the number of active plugins you should have on your WordPress site? Does installing too many plugins affect performance? You should take a look at this article.
Everybody is talking about the many types of WordPress hosting: shared, VPS, managed etc. But do you really know what each of these means?
Different Pricing Strategies: Discover What Works For You
When setting a price for a product, you don’t just throw the dice and pick a random number. Prices should be calculated based on a couple of important factors. See what these factors are.
Definitive WooCommerce Guide to Boost Ecommerce Sales
This is not just another WooCommerce post talking about some random tricks. This is a very comprehensive guide that goes step-by-step through the process of making your store rock and optimized for sales.
Why is SEO essential for your business?
When you start a new website, everyone keeps telling you that you need to be doing SEO if you want to reach any level of success. So SEO has to be important, right? But do you know why? I mean, why does it matter so much? Read ManageWP’s piece to find out.
WordPress Widgets to Watch in 2017
Pretty self-explanatory, these are the widgets to watch in 2017. Cool and original list. Check it out.
That’s it for February 2017. Anything we missed?