WP News: Ongoing discussion around Gutenberg & how hackers are attacking the heart of your site with SQL injections

Torben Simon Meier Last updated 10/23/2020
3 Min.
WordPress  Newsletter #36

With the jump to version 1.0 and a critical response to Mullenweg's Gutenberg plea, the new editor was once again in the spotlight of WP happenings last week. And a vulnerability in a WooCommerce Plugin makes users potential victims of XSS attacks. Plus, we show you why SQL injections are one of the biggest threats to your WordPress site are.

WP News: Ongoing discussion around Gutenberg & how hackers are attacking the heart of your site  with SQL injections

Attack on the heart of your sites

SQL injections are very dangerous hacks, especially for shop operators. If hackers succeed in injecting malicious code into the database of your site via a vulnerability or create an admin account, your site and its data are largely unprotected. For example, attackers can steal payment details or modify site at will. We will show you how these attacks work and how dangerous they are.

Performance

"Image optimization is both an art and science"
The fact that optimizing images improves the performance of your site is of course nothing new. Nevertheless, you should regularly check whether there is still room for improvement in this respect. Because according to Ilya GrigorikWeb Performance Engineer at Google, image optimization is both an art and a science: "An art because there is no one definitive answer for how best to compress an individual image, and a science because there are many well developed techniques and algorithms. many well developed techniques and algorithms that can significantly reduce the size of an image."

Field report of the Google Mobile Sites Certification
After certifications in the areas of Google Adwords and Analytics, Google offers a "Mobile Site Certification" since April. The 90-minute online test asks for knowledge on topics such as creating, managing, measuring and optimizing mobile websites. Maddy Osman from WMPU DEV has tested the course and compiled the pros and cons.

Security

XSS vulnerability in WooCommerce Plugin
An XSS vulnerability has been discovered in the WooCommerce Premium Plugin 'Product Vendors'. The affected version is 2.0.35. The vulnerability was already fixed a month ago with version 2.0.36. The fact that the vulnerability is now publicly known increases the danger of an XSS attack enormously. If you use Plugin , you should definitely update to version 2.0.36 or higher.

Basic security tips for webshop operators
Creating a website with an online store is now easier than ever thanks to WooCommerce and its ilk. More difficult, however, is creating an environment where your customers feel safe while shopping. Since customer trust is a crucial success factor, security provider Sucuri has basic security tips that you should already consider when setting up your webshop.

WordPress

What's new in Gutenberg 1.0?
The beta of the new WordPress editor has reached version 1.0. Despite discussions about jumping to the full version, the Gutenberg team has decided not to let numbers dictate their expectations. and to keep the current frequency of weekly updates. New in 1.0 is, for example, the ability to drag-and-drop media between text blocks or into a media block placeholder.

Reaction to Mullenweg's Gutenberg plea
In response to Matt Mullenweg's recent blog post "We Called it Gutenberg for a Reason" expresses Greg Schoppe in an "open response" expresses his criticism of Mullenweg's promises regarding the new editor from a developer perspective. "Unfortunately, many of those claims don't live up to reasonable scrutiny," Schoppe writes. The comments of the post also give some insight into the ongoing discussion about the editor.

Comments on this article

Post a comment

Your email address will not be published. Required fields are marked with *.