WP Builds Newsletter #55 – Multiple plugins hacked, plugin updates and MySpace loses data

This week’s WordPress news – covering the week commencing 18th March 2019:

WordPress Core

WordPress Ends Support for PHP 5.2 – 5.5, Bumps Minimum Required PHP Version to 5.6
“WordPress has officially ended support for PHP 5.2 – 5.5 and bumped its minimum required PHP version to 5.6. The plan announced last December was to bump the minimum required version in early 2019 and, depending on the results, bump it again to PHP 7 in December 2019. Sites on PHP 5.5 or earlier can still get security updates but will not be able to upgrade to the latest major WordPress version…”

Gutenberg 5.3 Introduces Block Management, Adds Nesting to the Cover Block
“Gutenberg 5.3 was released today with basic block management, a feature that will be included in WordPress 5.2. It is a new modal that can be launched from the vertical ellipses menu, inspired by Rich Tabor’s CoBlocks implementation. Users can turn individual blocks on/off or even entire sections, such as Common Blocks, Formatting, and Embeds. Block management should help users avoid the bloat that happens when installing block collections with more blocks than they need…”

The Improved Fatal Error Protection
“Following the post on Site Health mechanisms released in WordPress 5.1, the feature labelled “Fatal Error Protection” (see #44458) was reverted, resulting in it not ending up as part of that release. This was necessary due to several security concerns, partly discovered by the team, partly by third-party security experts…”

Deploy WordPress Plugins from GitHub to the WordPress.org Plugin Repository
“10up has released a GitHub Action that enables developers to deploy to the WordPress.org Plugin repository by tagging a new version on GitHub. Helen Hou-Sandí, 10up’s Director of Open Source Initiatives, explained how it works…”

Security

Social Warfare Plugin Zero-Day: Details and Attack Data
“Vulnerability Details – The plugin features functionality that allows users to clone its settings from another site. However, this functionality was not restricted to administrators or even logged-in users. An attacker is able to input a URL pointing to a crafted configuration document, which overwrites the plugin’s settings on the victim’s site…”

Hackers Abusing Recently Patched Vulnerability In Easy WP SMTP Plugin
“Over the weekend, a vulnerability was disclosed and patched in the popular WordPress plugin Easy WP SMTP. The plugin allows users to configure SMTP connections for outgoing email, and has a userbase of over 300,000 active installs. The vulnerability is only present in version 1.3.9 of the plugin, and all of the plugin’s users should update to 1.3.9.1 as quickly as possible to address the flaw…”

Community

WordCamp Miami Draws 100+ for Kid’s Camp, Plans to Host Standalone Kid’s WordPress Conference in Summer 2019
“The 11th edition of WordCamp Miami was held this past weekend, a three-day event that featured multiple learning workshops and six different tracks. The speaker ratio was 50% male and 50% female, and nearly half of the speakers were new to WordCamp Miami…”

How to Copyright Your Website’s Content
“Your website’s content is valuable, especially if it’s tied to your income. Therefore, protecting it from people who might want to copy and redistribute it without your permission is vital. This will help you maintain your site’s and business’ integrity, and avoid missing out on revenue…”

Plugins

Brizy Pro 0.0.19: 17 new premium layout packs
“In our continuous effort to make Brizy the tool of choice when it comes to building stunning websites, I’m glad to tell you that we’ve just added 17 new premium layout packs that will let you kick start client websites in minutes. That is another 99 layouts on top of the 56 we already have…”

Smush Now Has Lazy Loading… and it’s Free!
“If you thought Smush couldn’t get any better after 3.0, think again. Our CDN upgrade unlocked the future of site speed and WordPress performance – instantaneously delivering next-gen images at the right size for every container from our global image delivery network – 45 points of presence at 40 Tbps…”

Why I Hated NodeJS, Gulp, And Sass, And What I’m Doing About It
“It’s becoming increasingly difficult to tout yourself as a true “Pro” in the WordPress web development scene without some form of contact with these NodeJS powered package managers, task managers, and build tools. We’ve gone from debating our favorite code editors to arguing over which CSS pre-processor is king. Life was so much easier when all we had to deal with was a simple folder filled with CSS, PHP, and JS files…”

Client Portal – Private File Uploads
“This is a new feature introduced in CP version 4.6. This allows you to select Private file upload when selecting the module type. This support doc will explain how to use it and some notes to be aware of…”

WP Builds

Have you got WordPress plugin fatigue?
“If you’re a WordPress user then you’ve used heaps of plugins in the past. They enable WordPress to do anything don’t they? That’s WordPress’ greatest strength and its largest curse! There are so many to choose from, and all that choice leads to plugin fatigue. You never quite know if the plugin that you’re using is ‘the best’ and so you’re constantly on the look out for a newer, shinier plugin. The problem is that this cycle does not have an end…”

Groundhogg webinar plus 25% off
Go check out the webinar that we did with Adrian Tobey this week. Get 25% off the plugin and find out more about upcoming webinars!

Not WordPress, but useful anyway…

Myspace lost all the music its users uploaded between 2003 and 2015
“It’s been a year since the music links on Myspace stopped working; at first the company insisted that they were working on it, but now they’ve admitted that all those files are lost: ‘As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from Myspace. We apologize for the inconvenience’…”

The WP Builds podcast is sponsored this week by…

Kinsta
and
Page Builder Cloud

We thank them for their support of WP Builds.

Transcript (if available)

Nathan Wrigley: 00:00 Hello there. Good morning and welcome to this, the WP Builds weekly newsletter number 55. This covers the WordPress weekly news for the week commencing the 18th of March, 2019 and it was published on Monday the 25th of March, 2019 a couple of things before we begin. If you head over to WP Builds.com forward slash subscribe, there's a couple of forms there. One, we'll get you on a list which we'll tell you about this, the WordPress weekly news on a Monday and about our podcast on Thursday. The other list is all about deals and the idea is if you sign up to that list, I will alert you the moment I hear about a deal coming out in the WordPress space, so it might be 20% off a plugin or something like that and it will be a very simple, plain text email with a clear title so that you know whether you want to open it or simply bin it because it's of no interest on that page.

Nathan Wrigley: 00:49 Also, you can sign up to things like our feed on iTunes and Google play, Google podcasts. There's a Facebook group with about 1900 people. Youtube channel, messenger, updates and slack, all of that good stuff. Go and check it out at WP Builds.com forward slash. Subscribe. The other one is forward slash and deals and there's a whole heap of coupon codes for WordPress products worth checking out. If you're in the market for a new product, it might well be on there. We're adding new stuff all the time forward. Slash contribute. If you want to come onto the podcast with me, do a short 10 to 15 to 20 minute video about something that you've done recently. Forward slash, webinars. We've got a few webinars coming up, so check those out. As always, if you sign up and you can't make it, no big deal, we'll send you a video, but the, the webinars that we've got, we've got a Social Web Suites, we've got Tina Todorovich coming on, we've got lifter LMS, Chris Badgett from lifter LMS and then we've got Mor Cohen.

Nathan Wrigley: 01:45 I'm talking about her design class course and we've also got a Arindo Duque from Admin Pages Pro and WP Ultimo, so go and check those out. It might be worth looking at, might be something on there that you where you want to check out and the last one is forward slash advertise. Please. If you have a company or a product and you'd like it to be more well known, shall we say, go to forward slash advertise and find out what we can offer you. We've got banner ads and audio inserts.

New Speaker: 02:14 Speaking of which the WP Builds news is brought to you today by Kinsta. Are you tired of unreliable or slow hosting? If so, check out Kinsta who takes managed WordPress hosting to the next level powered by the Google cloud platform. All their plans include PHP seven ssh and 24 seven experts support migrate today for free at Kinsta dot com and we thank Kinsta for their support of the WP Builds podcast and newsletter.

Nathan Wrigley: 02:43 Right. Let's get stuck into today's news, shall we? Okay. The first item that I've got for you today can be found on the WP tavern website. It's entitled WordPress end support for PHP 5.2 to 5.5 bumps, a minimum required PHP version to 5.6 well, there's not really a lot to say about that. Is there really? You've now got to be on a minimum of PHP 5.6 and the idea is that it's going to be bumped again to PHP seven sometime later this year at the minute to mooted to be December, 2019 but if you are on a very, very old host, it's possibly time to move forward and well possibly persuade them or get yourself onto a host which has PHP seven on. There's some lovely charts on there illustrating where we're at at the moment and which different versions of PHP are being used, but it's a nice curve and recently we've had some nag messages in the WP admin saying, look, it's time to get yourself sorted out with your PHP version and it seems to be working.

Nathan Wrigley: 03:45 So that's good news and it's all going in the right direction. Okay. The next item is also on the WP tavern website entitled Gutenberg Introduces Block management, adds nesting to the cover block. And this is all in Gutenberg 5.3 it says Gutenberg 5.3 was released today with basic block management, a feature that will be included in WordPress 5.2. It's a new modal that can be launched from the vertical ellipses menu and it's inspired by Rich Tabor's CoBlocks implementation. You can turn individual blocks on and off and kind of nest them underneath each other and it's a much more visual way of doing things and it leads to uh, a much less cluttered interface, shall we say. There's also some experimental things. For example, there's an hour legacy widget block. Obviously widgets are going out of the window at some point, but now we've got this experimental legacy widget block and it enables you with a dropdown menu to, to put your legacy widgets into a Gutenberg page or posts.

Nathan Wrigley: 04:49 So there's a couple of nice features there. I wonder how long the widgets will stay around. We'll wait and see, shall we? Okay. The next few articles all fall under the umbrella of security. And really I think that is the message from this week. The most of the news came from security related issues. And this is the first one. It's over at Wordfence.com and it's called social warfare plugin, zero day details and attack data during the course of this week. Quite a few of the people that I know did fall foul of this one and it being a zero day, it was reactive. People like Wordfence and the other security solutions had to react because it was being exploited in the wild. So the social warfare plugin was exploited in such a way that essentially things like links were being redirected to arbitrary places. Um, and we had a very large amount of people being infected.

Nathan Wrigley: 05:44 Now the, the problem was mitigated quite quickly by the plugin developer and allegedly simply updating the plugin, removed all traces of the, the vulnerability. So by updating the plugin you were then if you're like on hacked. So that was at least good. But there was a lot of loud voices saying, how could this happen? Because I've got a WordPress security plugin or I've paid for this service or that service and I suppose it leads us to talk about a security posture, not really that you've got a security solution because you know if it's a zero day nobody knows about it and we react as quickly as we can. But anyway, it was a horrible exploit. You can go and read the article on Wordfence is all about the technicalities of what was actually going wrong, but needless to say, if you've been using the social warfare plugin and you have not updated it recently, I think it's high time that you did and possibly go on a bit of a trawl of your website and click on some links and see what happened.

Nathan Wrigley: 06:44 Now the other one that came along this week also mentioned on the wordfence.com website is entitled, hackers abusing recently patched vulnerability in easy WP SMTP plugin. Again, a bit of a breakdown on this web page. You can go and check out what exactly went wrong in great detail. But this plugin was used on over 300,000 installs and I don't think things were being sanitized correctly in the way that they should have done. And it left sites vulnerable and lots and lots of people again explaining that their sites were completely taken over, um, and they were locked out. So good grief. Go and check out the website, the wordfence.com article because it explained what you're looking for and a few IP addresses to spot looking for those Ip addresses to see if anybody's tried to log in and certainly go and see if you've got anything like strange admin accounts and things.

Nathan Wrigley: 07:42 So two very, very nasty security problems this week and really making us all question, how on earth can we stop this stuff? And well, the answer is you can't. You've just got to probably back up as much as possible. Do what you can and be ready to react when things go wrong. Okay, next couple come under the title of community. First one is entitled WordCamp Miami draws a hundred plus for kids' camp plans to host standalone kids. The WordPress conference in Summer 2019 this was the Miami WordCamp. And they had lots and lots of kids coming along and they were playing with WordPress and having a jolly old time of it. And it's led to this idea that what maybe we need to do something for the kids in the future. It will be tailored for kids between the age of six and eight 18 and it's not going to be all about WordPress.

Nathan Wrigley: 08:33 It's going to be about things like WordPress, Minecraft, steam, you know, gaming, that kind of thing. But the idea is get them in early. Talk about WordPress as part of what we're doing and hopefully there'll be interested in how it works. Absolutely fascinating. We talked about this in WordCamp Nordic a couple of weeks ago and WordCamp Miami seem to be leading the charge on this. Absolutely brilliant. More than a hundred kids who are in attendance. So that's fascinating. Um, the next one is entitled how to copyright your website's content. Now, this isn't really a new piece of news, but it's something that for various reasons I won't explain, I had to deal with a couple of weeks ago and this article explains about how you might wish to copyright things, what you can copyright and how you can do it. If this problem has ever risen for you, you know you've needed to have something copyrighted. Maybe this article on the elegant themes.com website will be pertinent to you and it explains the benefits, how to actually do it.

Nathan Wrigley: 09:30 I should say that it's based upon the law in the United States, but it was something that I could take an awful lot of information from. So yeah, there we have included that under the community just in case you needed it, right? Loads of plugin updates this week. The first one that we're going to mention is Brizy, the page builder. Well, Brizy have added a whole load, 17 new premium layout packs and this page is absolutely massive. They've got a new pop up block and then 17 new layout packs and you can go and look at them all. Beautiful. And you can scroll what seems like an endless web page and look at all of the customized page templates that you can use by simply clicking a button. So a very cool, that's Brizy Pro 0.0.19 the next one I'm going to talk about is Smush, which is a WPMU DEV plugin for squishing your images into smaller file sizes.

Nathan Wrigley: 10:24 Well now they've got this lazy loading feature, so the idea being it loads a very, very poor quality version and then as soon as it comes into the view port, it goes and seeks the high quality version. And if you link that up with the fact that they've got a CDN, which if you're a WPMU DEV subscriber, you can make use of the global CDN, can take care of your images. It's quite a nice little package, really squished images, lazy loading and delivery from a CDN. Very nice, but a nice update. Indeed. The next one is from our good friend Eric Hamm over at Cobalt Apps that I am not going to go into the detail on this, but it's just a nice little article. It's entitled, why I hated NodeJS, Gulp and Sass and what I'm doing about it. And it's all about his journey over the last couple of years where up until then he was quite happy using CSS, PHP, JavaScript and so on.

Nathan Wrigley: 11:15 And then all of a sudden he's surrounded by people younger than him talking about things like NodeJS and Gulp and, and it's about how he got into it and what, what he's been doing in the at the moment for things. For example, like his Instant IDE product and theme pro and his journey. So if you're in the old fashioned way of doing things and you want to explore how you might get into doing the new modern cool kids way of doing things. Oh go and check his article out. He's got a few videos on there as well and I just thought that was possibly worth sharing if you're about to embark on that journey. And the last under the title of plugins is Client Portal client portal. We had Laura Elizabeth on the podcast a few months ago and she's released a new update where you can have private file uploads.

Nathan Wrigley: 12:06 I think it was a much requested feature. If you are using the plug in, well now you can have files which aren't just available globally accessible by just typing in the URL. There is some some magic going on which means that you can't access it. There are certain caveats, so go and read this very, very short article, but if you've got client portal and you've been using it, then that's a nice little addition. You can lock down certain things that you've uploaded. A couple of things from me on the WP Builds podcast this week we had two things going on. The first one, David and I on episode 120 talked about WordPress plugin fatigue and our constant battle to get our sweet, sweet stack of WordPress plugins so that we know exactly what we want and we don't want to go out and fish for more and waste time looking for more.

Nathan Wrigley: 12:53 So we discussed that there was quite an interesting chat and also I did a Webinar with Adrian Tobey over at Groundhogg, which is a WordPress plugin, which you can use as your marketing and CRM tool. We spent about an hour talking about how it works and he showed exactly how it all works, what the, what the features are and what it's capable of. And you can find that by clicking on the link if you're interested in taking your CRM solution inside of WordPress. It's very cool. And the last one, which has got nothing to do with WordPress at all, it's all about Myspace. If you know what Myspace is, you'll probably have a certain age, but it was very cool and massive and pre Facebook. Well apparently they've lost all the music data that was uploaded between 2003 and 2015 and for the longest time it felt to me that's what Myspace was.

Nathan Wrigley: 13:44 It was a repository for people's bands and people's music endeavors. Well, apparently it's all been lost. It was lost during a migration and it's never coming back. It's permanently gone. And there's been all sorts of speculation about, well, Myspace is failing. Have they just sort of deliberately accidentally lost it because they really don't want to pay the bills anymore for that kind of hosting all that data. Who knows, but it's gone. A sad nail, another nail in the coffin of Myspace, which was such a great website for such a long time. Right. That's it. That's all the news over. I hope you got something out of that.

New Speaker: 14:21 This week, the WP Builds newsletter was brought to you today by Kinsta. Kinsta Takes managed WordPress hosting to the next level, powered by the Google cloud platform. Your site is secured like Fort Knox and runs on speed obsessive architecture. You can access to the latest software and developer tools such as PHP seven, SSH and staging environments, and the best part, their expert team of WordPress engineers are available 24 seven if you need help and you can migrate today for free at.com and we do thank Kinsta for their support of the WP Builds newsletter.

New Speaker: 14:59 Okay. Join us on Thursday for the podcast. Maybe we'll see you back here again next week and go and check out the Webinar page as well, and maybe we'll see you on one of those as well. Bye. Bye for now.
