WordPress Contributors Work Towards Removing Site Editor Beta Label for 6.2 Release – WP Tavern

Will WordPress be ready to remove the Beta label from the Site Editor in the upcoming 6.2 release? The project’s Executive Director Josepha Haden Chomphosy addressed this question in her latest WP Briefing podcast episode titled “What Does Concluding a Gutenberg Phase Really Mean?”

“All of the projects, with the exception of two, I believe, in the Phase 2 scoping ticket, will be shipped in the Gutenberg plugin before [the] WordPress 6.2 release comes out,” Haden Chomphosy…….


Yoast SEO Founder: WordPress Admin Interface Is “Simply Bad” – Search Engine Journal

Yoast SEO plugin founder Joost de Valk published a critical appraisal of the WordPress user interface (UI), saying that it makes WordPress “harder to use” and may be a reason that WordPress is losing market share to companies like Wix and Shopify.

The official WordPress design philosophy states that they want to make WordPress easier to use with every new version published.

They write that it’s their goal that the “non-technically minded” user is the one they …….


Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages – The Hacker News

Jan 25, 2023Ravie LakshmananWebsite Security / WordPress

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that is believed to have been active since at least 2017.

According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named “track[.]violetlovelines[.]com” that’s designed to redirect visitors to unwanted sites.

The latest operation is said to have be…….


WordPress Community Team Proposes Adopting GitHub to Improve Collaboration – WP Tavern

Although GitHub is primarily used for code collaboration, WordPress’ Community team is considering adopting the platform to standardize their project management tools.

Contributing to open source can already be challenging, but when it requires signing up for multiple services in order to access the team’s many spreadsheets, Trello boards, Slack groups, and other modes of communication, onboarding new contributors becomes needlessly difficult.

A new proposal, authored…….


WordPress Project Aims to Complete Customization Phase and Begin Exploring Collaboration in 2023 – WP Tavern

WordPress Executive Director Josepha Haden Chomphosy published a summary of the project’s “big picture” goals for 2023. The goals fall into three major categories: CMS, Community, and Ecosystem.

WordPress development will focus on completing the remaining tasks for Phase 2 (Customization), and will move on to begin exploring Collaboration in Phase 3.

“As we prepare for the third phase of the Gutenberg project, we are putting on our backend developer hats and wor…….


Thousands of WordPress sites could be at risk, so patch now – TechRadar

Three popular ecommerce plugins for WordPress (WP) installations, open to SQL injection attacks since December 2022, have been patched, protecting businesses from threat actors modifying or deleting their websites.

The three affected plugins, as discovered by Tenable security researcher Joshua Martinelle (via BleepingComputer), were ‘Paid Memberships Pro’, a subscription management tool active on over 100,000 installations, …….


PoC exploits released for critical bugs in popular WordPress plugins – BleepingComputer

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.

SQL injection is a website security flaw that allows attackers to input data into form fields or via URLs that modify legitimate database queries to return different data or modify a database.

Depending on the website code being vulnerable to a SQL injection flaw, …….


WordPress Performance Team Working Towards Unbundling Performance Lab Plugin – WP Tavern

WordPress’ Performance Team met this week with the express purpose of responding to Matt Mullenweg’s recent request to stop adding functionality to the Performance Lab plugin which could otherwise work as a standalone plugin.

At the end of December 2022, the Performance Team published instructions for how to test the new SQLite implementation, which was bundled into the Performance Lab plugin as a module. Mullenweg commented on the post, indicating he saw the SQLite functionali…….


Hackers exploit bug in WordPress gift card plugin with 50K installs – BleepingComputer

Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.

YITH WooCommerce Gift Cards Premium is a plugin that allows website operators to sell gift cards in their online stores.

Exploiting the vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), allows unauthenticated attackers to upload files to vulnerable sites, including web shells that provide full access to the site.

CVE-2022-45359 …….


Hundreds of WordPress sites infected by recently discovered backdoor – Ars Technica

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.

The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It’s also able to disable event logging, go into standby mode, and shut itsel…….