On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Custom Fields. SCF has been updated to remove commercial upsells and fix a security problem. On October 3rd, the ACF team announced ACF plugin updates will come directly from their website. This was also communicated via a support notice in the WordPress.org support forum on Oct 5th. Sites that followed the...
Tag: security
I’ve heard from WP Engine customers that they are frustrated that WP Engine hasn’t been able to make updates, plugin directory, theme directory, and Openverse work on their sites. It saddens me that they’ve been negatively impacted by Silver Lake’s commercial decisions. On WP Engine’s homepage, they promise “Unmatched performance, automated updates, and bulletproof security ensure your sites thrive.” WP Engine was well aware that we could remove access when they chose to ignore our efforts to resolve our differences...
Any WP Engine customers having trouble with their sites should contact WP Engine support and ask them to fix it. WP Engine needs a trademark license, they don’t have one. I won’t bore you with the story of how WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community regarding their disabling and locking down a WordPress core feature in order to extract profit. What I will tell...
WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core. You can download WordPress 6.5.5 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically. WordPress 6.5.5 is a short-cycle release. The next major release...
Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5. This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 6.1 and later. You can download WordPress 6.5.2 from WordPress.org, or...
This security and maintenance release features 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later. You can download WordPress 6.4.3 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process...
WordPress 6.4.2 is now available! This minor release features 7 bug fixes in Core. The fixes include a bug fix for an issue causing stylesheet and theme directories to sometimes return incorrect results. This release also features one security fix. Because this is a security release, it is recommended that you update your sites immediately. You can download WordPress 6.4.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support...
The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the “WordPress team” and the “WordPress Security Team” in an attempt to convince administrators to install a plugin on their website which contains malware. The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password. If you receive an unsolicited email claiming to be from WordPress with instructions similar...
Disclaimer: This article is intended for educational and informative purposes only. It is not meant to encourage or instruct readers to engage in illegal activities. It’s tempting to use nulled plugins and themes for your WordPress website. After all, why pay when you can get it for free, right? You’ve probably seen countless articles and forum posts warning against using nulled software, but few delve into the “why” and “how” of the matter. “It’s risky” – but why exactly? Wrong....
Let me start with some seemingly obvious advice that everyone should know about. Never activate so-called “nulled” plugins and themes that you downloaded from warez sites. There are no Robin Hoods in real life who are willing to buy premium themes and plugins just to share them with poor people. The vast majority of these hacked themes and plugins contain backdoors which allow hackers to take full control over your server in order to send spam, manage DDoS attacks, use...