WordPress Newsletter #36

WP News: Ongoing discussion around Gutenberg & how hackers are attacking the heart of your site with SQL Injections

Due to the jump to version 1.0 and a critical reaction to Mullenweg's Gutenberg plea, the new editor was once again at the centre of WP events last week. And a vulnerability in a WooCommerce plugin makes users potential victims of XSS attacks. We also show you why SQL injections are one of the biggest threats to your WordPresssite.

WP News: Ongoing discussion around Gutenberg & how hackers are attacking the heart of your site with SQL Injections

Attack on the heart of your pages

SQL injections are very dangerous hacks, especially for shop operators. If hackers succeed in injecting malicious code into the database of your site via a vulnerability or create an admin account, your site and its data are largely unprotected. Attackers can, for example, steal payment data or change your site at will. We show how the attacks work and how dangerous they are.

Performance

"Image optimization is both an art and a science"
Of course, it's nothing new that optimizing images improves the performance of your site website. Nevertheless, you should regularly check whether there is still room for improvement in this respect. According to Ilya Grigorik, Web Performance Engineer at Google, image optimization is both an art and a science: "An art because there is no one definitive answer for how best to compress an individual image, and a science because there are many well developed techniques and algorithms that can significantly reduce the size of an image.

Field report of the Google Mobile Sites Certification
After certifications in the areas of Google Adwords and Analytics, Google has been offering a "Mobile Site Certification" since April. The 90-minute online test asks for knowledge on topics such as creating, managing, measuring and optimizing mobile websites. Maddy Osman from WMPU DEV has tested the course and compiled the pros and cons.

Security

XSS vulnerability in WooCommerce plugin
An XSS vulnerability has been discovered in the WooCommerce Premium plugin 'Product Vendors'. The affected version is 2.0.35. The vulnerability was already fixed a month ago with version 2.0.36. The fact that the vulnerability is now publicly known increases the risk of an XSS attack enormously. If you use plugin , you should definitely update to version 2.0.36 or higher.

Basic security tips for webshop owners
Creating a website with an online store is now easier than ever thanks to WooCommerce and the like. More difficult, however, is creating an environment where your customers feel safe while shopping. Since customer trust is a crucial factor for success, the security provider Sucuri has some basic security tips that you should already consider when setting up your web store.

WordPress

What's new in Gutenberg 1.0?
The beta of the new WordPress editor has reached version 1.0. Despite discussions about jumping to the full version, the Gutenberg team has decided not to let numbers dictate certain expectations and to maintain the current frequency of weekly updates. New in 1.0, for example, is the ability to drag-and-drop media between text blocks or into a media block placeholder.

Reaction to Mullenweg's Gutenberg plea
In response to Matt Mullenweg's recent blog post "We Called it Gutenberg for a Reason," Greg Schoppe expresses his criticism of Mullenweg's promises regarding the new editor from a developer perspective in an "open response." "Unfortunately, many of those claims don't live up to reasonable scrutiny," Schoppe writes. The comments of the post also give an insight into the ongoing discussion about the editor.

Did you like the article?

With your rating you help us to improve our content even further.

Write a comment

Your e-mail address will not be published. Required fields are marked with *