WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

Wordpress Security

It seems just last week, WordPress has updated its platform, but now it has already upgraded its platform into 4.4.2 version, and we guess the update will still continue in order to enhance its performance. The upgraded actually brings many good benefits to its users. If you are web developer who loves to use WordPress as your platform, you better find out this new information as it is predicted that there are many changes made by WordPress.

After reviewing WordPress 4.4.1, now WordPress has released its latest version, which is named WordPress 4.4.2, a security update for all versions which is now available for download, so we strongly encourage you to update your sites immediately. There are several upgrading done in WordPress 4.4.2. Two security issues were identified in WordPress 4.4.1 and earlier, including possible SSRF for certain local URls, and an open redirection attack.

To clarify what is SSRF and open redirect attack is, we will give a little review about it.

SSRF stands for ‘server side request forgery’ and can be deployed by attackers to bypass access controls, such as firewalls, and ultimately crash your system.

While open redirect is a bit more straight forward, it would take a trusted site and redirect visitors to an untrusted site, with the goal to get visitors to land on phishing sites or any other type of malicious site.

Besides, fixing the two major security issues, other repairs are also found in WordPress 4.4.2, such as fixing 17 bugs from the previous version, 4.4 and 4.4.1.

So, if you are interested in having WordPress latest version, you can download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.

If your version of WordPress has not automatically updated, then update it manually. In the end, you need to make sure that you check your themes and plugins for updates as well.

WordPress 4.4.1 Security Update and Maintenance Released

WordPress Security Update Released Immediate Download Recommended

Here is good news for any web developer around the world, since a new version of security update has been released for WordPress version 4.4. Therefore you need to update your site immediately and develop it by yourself! This version is actually a security and maintenance release which fixes a flaw that could allow a site to be compromised by a cross-site scripting vulnerability which is a type of code injection where malicious content can pass from one site to another through bypassing the same origin policy.

Along with providing security update, WordPress also provides a few maintenance updates to its latest version, 4.4.1. This update contains the inclusion of diverse emoji sets. Another issue also arises that if the URL of a post was ever re-used, it would redirect to the wrong post. Here are several non-security bug fixes:

  • Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji
  • Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
  • Removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed, and a handful of changes to responsive images.

In fact, in this update, WordPress 4.4.1 fixes 52 bugs that have occurred since release of version 4.4. With more than 10 million downloads, WordPress is the most popular CMS on the Web, but it’s also the most attacked. It’s not uncommon for malicious actors to exploit vulnerabilities in both WordPress itself and various plugins. WordPress websites are also reported as easily to attack on the fact that many administrators rarely set strong passwords for their accounts. Therefore, through this update, it is hoped that users can feel more satisfied. In fact, you can Download WordPress 4.4.1 or venture over to Dashboard Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.

How to Know Your Article is Pretty Bad according to Google

How to Know Your Article is Pretty Bad according to Google

Knowing what thin content is will help avoiding yourself from getting hit by any kind of Google update, if you work in SEO services, having good articles is a must, as it can be one of the important ways to meet Google’s standard and reach a higher rank in Google first page.

Therefore, familiarizing yourself with what not to do is one of the best ways to ensure you create “phantom-friendly” content. What we actually know about thin content is that it is usually contained low-quality. In fact, articles are categorized into bad content if they contain thin content. If you do not have any detail information about what thin content is, you can rely on this small list, as it comes straight from Google:

  1. Duplicate or redundant posts

Having neat-duplicate content on your site separated by only a line or so of unique content is a big no. In fact, doing straight duplicates is a very big problem. Therefore, you need to find out areas to add small bits of unique content, either with rewritten descriptions or a unique one to two sentence introduction.

  1. Affiliate pages (with links) that have little to no valuable content

Applying too much ad will also make your sites considered thin. Either scale back on the ads you are showing or bulk up your content. Honestly, doing a mixture of both is probably the right combination. But, please consider the need of your user experience as the supreme target.

  1. Poorly Written Blog Posts or Articles

If you think creating a new content is enough, well it doesn’t guarantee you to avoid the Google phantom. So, often people think that creating a new article will help your content get a better rank; in fact, a new content will also need to be rich with knowledge or information rather than just being new.