Will WordPress be ready to remove the Beta label from the Site Editor in the upcoming 6.2 release? The project’s Executive Director Josepha Haden Chomphosy addressed this question in her latest WP Briefing podcast episode titled “What Does Concluding a Gutenberg Phase Really Mean?“

“All of the projects, with the exception of two, I believe, in the Phase 2 scoping ticket, will be shipped in the Gutenberg plugin before [the] WordPress 6.2 release comes out,” Haden Chomphosy…….

Yoast SEO plugin founder, Joost de Valk, published a critical appraisal of the WordPress user interface (UI), saying that it makes it  “harder to use” and may be a reason that contributes to WordPress losing market share to companies like Wix and Shopify.

The official WordPress design philosophy states that they want to make WordPress easier to use with every new version published.

They write that it’s their goal that the “non-technically minded” user is the one they …….

Jan 25, 2023Ravie LakshmananWebsite Security / WordPress

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that’s been believed to be active since at least 2017.

According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named “track[.]violetlovelines[.]com” that’s designed to redirect visitors to unwanted sites.

The latest operation is said to have be…….

Although GitHub is primarily used for code collaboration, WordPress’ Community team is considering adopting the platform to standardize their project management tools.

Contributing to open source can already be challenging but when it requires signing up for multiple services in order to access the team’s many spreadsheets, trello boards, Slack groups, and other modes of communication, onboarding new contributors becomes needlessly difficult.

A new proposal, authored…….

WordPress Executive Director Josepha Haden Chomphosy published a summary of the project’s “big picture” goals for 2023. The goals fall into three major categories: CMS, Community, and Ecosystem.

WordPress development will focus on completing the remaining tasks for Phase 2 (Customization), and will move on to begin exploring Collaboration in Phase 3.

“As we prepare for the third phase of the Gutenberg project, we are putting on our backend developer hats and wor…….

Three popular ecommerce plugins for WordPress (WP) installations, open to SQL injection attacks since December 2022, have been patched, protecting businesses from threat actors modifying or deleting their websites.

The three affected plugins, as discovered by Tenable security researcher Joshua Martinelle (opens in new tab) (via BleepingComputer (opens in new tab)), were ‘Paid Memberships Pro (opens in new tab)’, a subscription management tool active on over 100,000 installations, …….

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.

SQL injection is a website security flaw that allows attackers to input data into form fields or via URLs that modify legitimate database queries to return different data or modify a database.

Depending on the website code being vulnerable to a SQL injection flaw, …….

WordPress’ Performance Team met this week with the express purpose of responding to Matt Mullenweg’s recent request to stop adding functionality to the Performance Lab plugin which could otherwise work as a standalone plugin.

At the end of December 2022, the Performance Team published instructions for how to test the new SQLite implementation, which was bundled into the Performance Lab plugin as a module. Mullenweg commented on the post, indicating he saw the SQLite functionali…….

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.

The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It’s also able to disable event logging, go into standby mode, and shut itsel…….