XSS, SQL injection, XML-RPC - the descriptions of WordPress security updates are full of cryptic abbreviations. Even if it's clear that the updates are necessary, it's still nice to know what's actually behind the jumble of letters. After all, it's about your business. That's why we'll show you how cross-site scripting (XSS for short) works in our latest post. Because cross-site scripting is not only particularly widespread, but also particularly insidious. If hackers find such a vulnerability, they can inject malicious code on your (!) site and abuse it to harm your users.
CDNs are not a "unicorn magic solution"
Content Delivery Networks (CDNs) are computer networks that are distributed all over the world. They ensure that your offers can be delivered quickly even in Australia or the USA. But there's one thing a CDN is not: a performance hack for your pages. Our colleague Ernesto Ruge has all the background information on the subject.
Which PHP version is your site running on?
Most WordPress sites (40.4%) are running on PHP 5.6. And this despite the fact that PHP 7 can make your pages up to twice as fast. The fact that currently only a little more than two percent of all WordPress sites are using the latest PHP standard is a huge problem, which the PHP Core Team has also addressed.
How secure are free themes?
No, of course they are not in principle more insecure than paid themes. But regardless of whether they are free or "premium", there are a few things to keep in mind when choosing a theme. Our colleagues from Torque show you what to look out for and which tools help you with the analysis.
Adobe: No more Flash updates in 2020
Adobe has announced that it will discontinue support and updates for Flash in 2020, as its use has steadily declined in recent years. On major browsers, such as Chrome, users have already had to actively agree to see Flash content since last year. "This trend reveals that sites are migrating to open web technologies, which are faster and more power-efficient than Flash. They're also more secure, so you can be safer while shopping, banking, or reading sensitive documents," Google Chrome Product Manager Anthony Laforge said of Adobe's announcement.
Apache bans Facebook license
The Apache Software Foundation has banned the use of Facebook's "BSD+Patents license" for Apache WordPress projects. However, Facebook is running its React project, among others, under this very license. Since React is currently considered the most promising candidate for the new WordPress JS framework, the license ban has reignited the React debate in the WP community. If the licensing dispute had erupted after React was integrated, millions of sites would likely have been down for days. This danger is also clearly articulated in the community: "Facebook license is really not open source. Code released under that license has no place in core."
The Core Team discussed the expectations and framework conditions for regional WordCamps. In fact, nothing should stand in the way of these, but the topic currently raises more questions than answers. For example, it must first be clarified how a region defines itself and what the concrete planning and implementation should look like on site.