A shiny new version of WordPress is not far away … WordPress 4.2 should be available within the next few weeks.
What’s new in WordPress 4.2
- Faster Plugin Installation and Updates
- Switch Themes in the WP Admin Customizer
- New and Improved Emoji Support
- Under the Hood
- Minor updates to the WP Admin theme
- Shared taxonomy terms get split *
- Improved accessibility for the WP Admin
An interesting article was recently published on ZDNet, highlighting the increasing risks associated with unmanaged WordPress hosting.
In particular, the recent vulnerability discovered in the ubiquitous Slider Revolution plugin (and the subsequent controversy about the management of it’s disclosure and patching) has raised important questions regarding WordPress management and security.
At what technical level, is it accepted that a website owner has the necessary know-how to secure a website, protect it against attacks and detect when problems occur? As WordPress becomes ever more popular around the world — so too does the need for focus on security, performance and scalability.
… security is an even bigger imperative. Many WordPress sites belong to people who don’t know jack about computers, let alone web site administration. These users are much better off with a WordPress environment in which their options are limited, but their safety protected.
In 2015, it will be more important than ever to ensure that your WordPress installations are secure and up to date.
The next major release for WordPress, version 4.1 is due to be released on December 15 2014.
You can read some (work in progress) information about the new release on the WordPress.org website.
We will be reviewing and testing WordPress 4.1 as soon as it’s released and then start our upgrade process for all our hosting customers shortly thereafter. … continues
It’s been a busy week for WordPress security, firstly a critical security issue was discovered in the very popular WordPress slider plugin; Slider Revolution, and just today an important security fix was released for Gravity Forms, another very popular WordPress plugin.
Whilst in both these cases the developers have responded rapidly to resolve issues (in fact the Slider Revolution bug was patched back in February 2014), the onus does fall on to the user to update their plugins. Failure to do so could leave your website vulnerable to attack. The Slider Revolution bug was particularly nasty, allowing a malicious user to download the wp-config.php file (or just about any file actually). The wp-config.php file contains all the database connection credentials so this was very serious indeed. … continues
After a slight delay while we finalised testing, we have now completed deploying WordPress 3.9 to all our Managed WordPress hosting customers.
To learn more about some of the fantastic new features and changes in WordPress 3.9, check out this article on Smashing Magazine.
On April 7 2014 a serious vulnerability was discovered in the widely used OpenSSL software — this affected many (many!) web servers across the world, requiring urgent patching.
As a precaution, it is also strongly advised that all SSL Certificates be reissued and all users change their passwords on system that used OpenSSL.
All WP NET servers have had patches installed and tested, and we have also reissued all SSL certificates used on our domains, including the Plesk Panel.
Test your domain for the OpenSSL HeartBleed Vulnerability
If you host a website and you use an SSL certificate on your domain, you should consider having the certificate reissued and reinstalled on your server.
Another WordPress release is just around the corner, version 3.7 — this has been a short cycle between versions and while the list of new features and changes may seem a little short … it packs a punch!
Our new Managed WordPress service is proving to be very well timed. While WordPress is a fantastic, easy-to-use CMS that costs you $0 to use — now, more than ever, WordPress site owners are learning that it is important to keep their core WordPress software, and plugins up to date.
Only a few weeks a go a serious security vulnerability was discovered in both of the two leading WordPress caching plugins (WP Super Cache and W3 Total Cache) — both of these plugins are completely free — provided to the community at no charge by the developers, and whilst both products are very professionally developed — all software is prone to bugs and vulnerabilities. The issue was identified, and to the authors credit, both plugins were fixed within hours, and updates made available via the WordPress Plugins repository. Securi website security monitoring started detecting hack attempts targeting these vulnerabilities only a few days later.
In a word — yes.
WordPress has taken a few knocks recently. Back in April there was a huge, brute-force attack targeting WordPress websites, and also a couple of very popular plugins had serious vulnerabilities discovered (which were promptly fixed).
It’s time to clear up the debate once and for all. Despite all the doubts (and some haters), WordPress core is without a doubt one of the most secure platforms you can choose to put a site on. Jason Cosper of WP Engine —
It’s time to clear up the debate once and for all. Despite all the doubts (and some haters), WordPress core is without a doubt one of the most secure platforms you can choose to put a site on.
— Jason Cosper of WP Engine