XSS, SQL injection, XML-RPC - the descriptions of WordPress security updates are full of cryptic abbreviations. Even if it's clear that the updates are necessary, it's still nice to know what's actually behind the jumble of letters. After all, it's your business. That's why we're going to show you how cross-site scripting (XSS for short) works in our latest post, because cross-site scripting is not only particularly widespread, but also particularly sneaky. If hackers find such a vulnerability, they can inject malicious code into your (!) site and abuse it to harm your users.
CDNs are not a "unicorn magic" solution
Content Delivery Networks (CDNs) are computer networks that are distributed all over the world. They ensure that your offers can be delivered quickly even in Australia or the USA. There's only one thing a CDN is not: a performance hack for your sites. Our colleague Ernesto Ruge has all the background on the topic.
Which PHP version is your site running on?
Most WordPress sites (40.4%) run on PHP 5.6, despite the fact that PHP 7 can make your sites up to twice as fast. The fact that currently only a little more than two percent of all WordPress sites are using the latest PHP standard is a huge problem, one that the PHP Core Team has also taken up.
How secure are free Themes?
No, of course they are not inherently more insecure than paid Themes. But whether free or "premium", there are some things to consider in terms of security when choosing a Theme. The colleagues from Torque show what you have to watch out for and which tools help you with the analysis.
Adobe: No more Flash updates in 2020
Adobe has announced it will stop supporting and updating Flash in 2020, as its usage has steadily declined over the past few years. On the biggest browsers, such as Chrome, users have already had to actively agree to see Flash content since last year. "This trend reveals that sites are migrating to open web technologies, which are faster and more power-efficient than Flash. They're also more secure, so you can be safer while shopping, banking, or reading sensitive documents," said Google Chrome Product Manager Anthony Laforge about Adobe's announcement.
Apache bans Facebook license
The Apache Software Foundation has banned the use of Facebook's "BSD+Patents license" for Apache WordPress projects. Facebook, however, runs its React project, among others, under exactly this license. Since React is currently considered the most promising candidate for the new WordPress JS framework, the license ban has reignited the React debate in the WP community. Had the licensing dispute erupted after the integration of React, millions of sites would likely have been down for days. This danger is also clearly articulated in the community: "Facebook license is really not open source. Code released under that license has no place in core."
The Core Team discussed the expectations and framework conditions for regional WordCamps. Actually, nothing should stand in the way of these, but currently the topic raises more questions than answers. For example, it must first be clarified how a region defines itself and what the concrete planning and implementation should look like on site.