Is it me or do we see any type of pattern here? Thankfully, “Wordfence” is on the job, 24/7. This is my kind of plug in!
The new WordPress editor, “Gutenberg” has arrived. It is very sleek. Gutenberg is the epitome of object-oriented page building! It is building block driven: literally, you make pages by using Gutenberg’s building blocks, and working within the blocks. It is very sleek!
Gutenberg’s WordPress page:
Nothing to see here, folks …
“Backdoor in Captcha Plugin Affects 300K WordPress Sites”
“The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name.
Whenever the WordPress repository removes a plugin with a large user base, we check to see if it was possibly due to something security-related. Wordfence alerts users when any plugin they are running is removed from WordPress repo as well. At the time of its removal, Captcha had over 300,000 active installs, so its removal significantly impacts many users.”
Incredible analysis in the below link. Nicely done by WordFence.
“China is in the lead” … of blocked countries. My humble website is constantly being sniffed at from the outside. To me it makes no sense on the surface – I have no confidential data or business secrets whatsoever. I do not do eCommerce or any business transactions for that matter. I do not even make poor stock market predictions!
But it makes sense to the potential intruders. These are likely bots just doing recon, searching for WordPress, Plugin or theme weaknesses and other possible pots of gold. Thankfully, I am fully invested in “WordFence”, an outstanding WordPress firewall.
Thousands of Hacked Home Routers are Attacking WordPress Sites
Fascinating blog from WordFence, one of the best WordPress firewall out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the launched attacks are actually small per home router, so detection is difficult.
The really weird thing is that the IPS are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.
Read the WordFence Blog here
Memo to self: be sure to double check updated WordPress plugins immediately after doing the update!
It is like stating the obvious, but nonetheless very important to remember the above. I just updated the Captcha and WordFence plugins. I saw an error, but remembered to check the Plugins section to verify they are running. Once activated the plugins are fine. Some seem to need this, while others activate ‘automagically’.
You don’t see this humility enough on the modern web >>
“My previous insight was totally wrong. I’ll fix this issue in near future.”
The honesty is very refreshing. I may just check that product [a plugin] out! ;>
WordPress is so ubiquitous these days on the web, but hopefully more developers will keep up with the security needs of their sites or at least delegate to someone to maintain after their site is built.
This ‘Wordfence’ security plugin is very impressive. It can do a site scan, block IPs or countries [China, anyone?], and give a live screen of current connections. It does much more as well, especially if the free version is upgraded to the paid version.
It has over 1 million installs as of September, 2015. There is a reason for that – even the free tools are very useful and can provide a fair amount of security. I recently installed this plugin on ‘Riguy’ and it is exactly what is needed for a security blanket.
WOW, that was scary! I just went into my WP-ADMIN to update some Plugins and the theme [I heard there was an update @ 4.2.2], and I ended up losing my site: we are talking full on, white page, so a screen shot would not really do justice to how scary that is. There was no error code or message in site. Is this a “White Screen of Death”? I had the 2014 WordPress theme installed, nothing more except a few plugins. I did notice before trying to update WP 2014 that 2015 was sitting there unused, and I checked the box. Big mistake [?]. I guess I really should have simply removed 2015 altogether until I was ready to move to it or not checked the box. But shouldn’t we be able to update both the 2014 AND 2015 theme, without taking the site down? Lesson learned!
I also ended up with this rather ugly message in the Themes WP-Admin area upon finishing the themes updates:
“theme directory “twentyfifteen” does not exist”
Yikes! Site down, and limited options! Did I mention I am NOT USING 2015. I guess by checking both boxes, the assumption by the application is I wanted to upgrade to 2015.
I panicked and started searching frantically over at my friend, the Google search engine. Unfortunately, none of the fixes applied to my situation and some did not work for me. The fix was surprisingly easy, but I admit I ‘rolled the dice’ on it, as I was not sure if I would lose my site for good, or at least until a full reinstall. [I DID have some backups of the content].
I was still able to get into my http:// sitename/wp-admin so at least I had that going for me. Gratitude! I went into the Appearance and themes area, which is where the ugly message was showing and I added the 2014 theme back. I reinstalled it. This all happened so fast, I had to do it twice – sorry but I am not sure why this was necessary, but the WP 2014 site indeed came back!