This week there's something for your ears, namely the first episode of capital_P_odcast - a new podcast from the German WP community. And Wordfence has published the WordPress Attack Report for July. We also show you one of the biggest gateways for hackers, but hardly anyone knows about it.
XMLrpc: The programmed WordPress vulnerability
XMLrpc: What looks like someone fell asleep with his head on the keyboard is actually a programmed WordPress vulnerability. Originally conceived for remote access to the WordPress site, XMLrpc today serves mainly as a gateway for hackers. Figures show that the majority of brute force attacks target both WP admin and XMLrpc. DDoS attacks are also possible through the interface. Find out how relevant the vulnerability is and how you can protect yourself in this article.
How to speed up your theme in just a few steps
Matthias Kittsteiner explains how you can improve the performance of your theme with small changes in the code, using a child theme from "Twenty Seventeen" as an example.
Wordfence July Security Report
As always, the monthly WordPress Attack Report from security vendor Wordfence provides interesting insights into the dark machinations of the WordPress universe: While the average number of daily attacks has increased by 21% compared to June, the daily volume of attacks remains surprisingly stable over the month. "It's almost like the attackers went on vacation and left their malicious bots running on autopilot," the security report states.
TrafficTrade malware spreads
In a blog post, security provider Wordfence warns against so-called "TrafficTrade" malware. It exploits a vulnerability in the WP theme "Newspaper" that lets attackers place malicious code in the "wp_options" table. As a result, your site visitors are automatically redirected to a site of the attackers, which, for example, downloads malicious browser plugins.
Now it is certain: WP 4.9 comes without Gutenberg editor
In a core post, Mel Choyce - co-lead of the 4.9 release - has published a preliminary list of goals for the update to WordPress 4.9. The six main topics of the draft are the improvement of code editing, customization, theme change and image editing, as well as theme and plugin upload via ZIP and the REST API. The planned release date is November 14.
New podcast from the German WP community
In their new "capital_P_odcast", Maja Benke and Bernhard Kau talk about topics and events from the WP community. The goal of the podcast is to provide clarity on what makes WordPress and the WP community tick, as well as to discuss relevant topics for WP users. The first episode of the podcast is about the pros and cons of page builders.
WordPress.com is not WordPress.org
The confusion between WordPress.com and WordPress.org is a common phenomenon, especially among WP newcomers. Caspar Hübinger has dedicated a separate site to this problem, where he critically explains not only the differences but also the consequences of this confusion.