WP-News: The WordPress gateway that hardly anyone knows about & WP Attack Report July

Torben Simon Meier Last updated 14.01.2020
WordPress Newsletter #33

This week there's something for your ears, namely the first episode of capital_P_odcast - a new podcast from the German WP community. And Wordfence has published the WordPress Attack Report for July. We also show you one of the biggest gateways for hackers, but hardly anyone knows about it.

XMLrpc: The programmed WordPress security hole

XMLrpc: What looks like someone fell asleep with their head on the keyboard is actually a programmed-in WordPress vulnerability. Originally designed for remote access to the WordPress site, XMLrpc now serves primarily as a gateway for hackers.

Numbers show that the majority of brute force attacks target both WP admin and XMLrpc. And DDoS attacks are also possible via the interface. We show how relevant the vulnerability is and how you can protect yourself.

Performance News

How to speed up your theme in just a few steps
Matthias Kittsteiner explains how you can improve the performance of your theme with small changes in the code, using a child theme of "Twenty Seventeen" as an example.

Security News

Wordfence July Security Report
As always, the monthly WordPress Attack Report from security vendor Wordfence provides interesting insights into the dark machinations of the WordPress universe: While the average number of daily attacks has increased by 21% compared to June, the daily volume of attacks remains surprisingly stable over the month. "It's almost like the attackers went on vacation and left their malicious bots running on autopilot," the security report reads.

TrafficTrade malware spreads
In a blog post, security provider Wordfence warns of so-called "TrafficTrade" malware. It exploits a vulnerability in the WordPress theme "Newspaper" that lets attackers place malicious code in the table "wp_options". As a result, your site visitors are automatically redirected to a site run by the attackers, which downloads, for example, malicious browser plugins.

WordPress News

Now it's certain: WP 4.9 comes without Gutenberg editor
In a Core post, Mel Choyce - co-lead of the 4.9 release - has published a preliminary list of goals for the update to WordPress 4.9. The six main topics of the draft are improvements to code editing, customization, theme switching and image editing, as well as theme and plugin upload via ZIP and the REST API. The planned release date is November 14th.

New Podcast from the German WP Community
In their new "capital_P_odcast", Maja Benke and Bernhard Kau talk about topics and events from the WP community. The goal of the podcast is to create clarity about what makes WordPress and the WP community tick and to discuss relevant topics for WP users. The first episode of the podcast is about the pros and cons of page builders.

WordPress.com is not WordPress.org
The confusion between WordPress.com and WordPress.org is a common phenomenon, especially among WP novices. Caspar Hübinger has dedicated a separate site to this problem, on which he critically explains not only the differences but also the consequences of this confusion.
