Tools for remote team management, communication & security WordPress businesses should use

https://www.wpwhitesecurity.com/remote-team-management-tools-security-wordpress-businesses/

The global pandemic has turned the world of work upside down. Commuting to the workplace is no longer a daily habit for up to 40% of the workforce1. What’s more, it’s a trend set to stay in place long after the scientific community has found an effective treatment or vaccine for the virus. Online and WordPress website-based businesses particularly adept at making the switch to remote working using necessary tools for WordPress businesses. But that doesn’t come without its challenges. User accountability, user communication, and security concerns all accompany the switchover to this new model of working. The solution to […]

Top 10 WordPress Security Mistakes and How to Avoid Them

https://ithemes.com/wordpress-security-mistakes/

WordPress security mistakes are easy to make. The most common mistakes in your WordPress security can be based on outdated information, common WordPress security myths or just not knowing WordPress security best practices. While WordPress itself is secure, avoiding WordPress security mistakes requires a little bit of effort from site owners. In this post, we’ll cover the top 10 WordPress security mistakes with tips on how to avoid them. In this article Let’s dive in. We’ll cover eveyrthing from the quality of your WordPress host to your WordPress admin login to the themes and plugins you use. 1. Choosing Poor […]

3 Ways To Fix ‘403 Forbidden Request Forbidden By Administrative Rules’

https://blogvault.net/fix-403-forbidden-error-wordpress/

Forbidden from accessing your own WordPress website? It’s frustrating and most of the time, you’ll find yourself trying out a number of solutions that don’t work. This is because the causes and solutions for the 403 error differ based on various circumstances. In the meantime, your visitors see a broken website and you may find yourself […] The post 3 Ways To Fix ‘403 Forbidden Request Forbidden By Administrative Rules’ appeared first on BlogVault – The Most Reliable WordPress Backup Plugin.

WordPress 5.6 Beta 1

https://wordpress.org/news/2020/10/wordpress-5-6-beta-1/

WordPress 5.6 Beta 1 is now available for testing! This software is still in development, so we recommend that you run this version on a test site. You can test the WordPress 5.6 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option). Or download the beta here (zip). The current target for final release is December 8, 2020. This is just seven weeks away, so your help is needed to ensure this release is tested properly. Improvements in the Editor WordPress 5.6 includes seven Gutenberg plugin releases. Here are a few highlighted enhancements: Improved support for video positioning in […]

Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

https://www.wordfence.com/blog/2020/10/episode-91-how-hackers-can-use-csrf-vulnerabilities-and-spearphishing-to-wreak-havoc-on-wordpress/

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. With WordPress adding application passwords for REST API authentication, we discuss the benefits coming with this capability in WordPress version 5.6. We also consider the ramifications of the critical, wormable RCE bug patched by Microsoft, and how attackers are actively attacking the recent zerologon vulnerability that was […]

Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand

http://feedproxy.google.com/~r/sucuri/blog/~3/P5MPH6icchE/sucuri-sit-down-episode-4-xss-wp-plugin-vulnerabilities-with-antony-garand.html

October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin Channell will catch you up on the latest website security news from the Sucuri blog. For further reading about any of these topics, check out these blogs we reference in the episode: WordPress Malware Disables Security Plugins to Avoid Detection Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites Reflected XSS in WordPress Plugin Admin Pages Backdoor Shell Dropper Deploys CMS-Specific Malware Magento Multiversion (1.x/2.x) Backdoor Justin […]

Add a WordPress Admin User Account via PHP

http://feedproxy.google.com/~r/tipsandtricks-hq/~3/76g0wrmsv1I/add-wordpress-admin-user-account-via-php-11792

Sometimes our WordPress plugin users need to create an Admin user account for their sites. In this tutorial I will share a small PHP code with you that can be used to create a WordPress Administrator user to your site. Alternatively, you can also create a WordPress admin user via MySQL. You will need to have FTP access to your site so you can access and edit the theme files. Step 1) Log in via FTP Log into your site via FTP and browse to your theme’s folder. It should be in the following location: wp-content/themes/ You can use a […]

High Severity Vulnerability Patched in Child Theme Creator by Orbisius

https://www.wordfence.com/blog/2020/10/high-severity-vulnerability-patched-in-child-theme-creator-by-orbisius/

On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution (RCE) on a vulnerable site’s server. We initially reached out to the plugin’s developer on September 9th, 2020. After establishing an appropriate communication channel, we provided the full disclosure details on September 10, 2020. The developer provided us with […]

Statistics highlight the biggest source of WordPress vulnerabilities

https://www.wpwhitesecurity.com/statistics-highlight-main-source-wordpress-vulnerabilities/

We all know that plenty of WordPress sites are getting hacked each year. Is it because WordPress is an insecure system? Is it a global WordPress issue, or does it come from those webmasters’ actions? How, and why is it happening? Whether you are running a personal blog, business website, or an eCommerce site on WordPress, the security of your website should be a priority. There can be many reasons due to which your site’s security is compromised. The most common reasons are weak passwords, users mistakes, outdated software and missing security updates. In this article we use the latest […]

Moving WordPress from Localhost to Server – Complete Guide

https://blogvault.net/moving-wordpress-from-localhost-to-server/

Worried that shifting your WordPress site to an online server won’t work? You’re right to be. If migration is done incorrectly, it could cause errors that are hard to detect and resolve.  Many give up on moving WordPress from a localhost to a server because it’s just too hard.  That said, there is a way […] The post Moving WordPress from Localhost to Server – Complete Guide appeared first on BlogVault – The Most Reliable WordPress Backup Plugin.