wordpress

WordPress 4.4.2 Security Update is Out, Immediate Update Recommended

Posted on by Mario

Wordpress Security

It seems just last week, WordPress has updated its platform, but now it has already upgraded its platform into 4.4.2 version, and we guess the update will still continue in order to enhance its performance. The upgraded actually brings many good benefits to its users. If you are web developer who loves to use WordPress as your platform, you better find out this new information as it is predicted that there are many changes made by WordPress.

After reviewing WordPress 4.4.1, now WordPress has released its latest version, which is named WordPress 4.4.2, a security update for all versions which is now available for download, so we strongly encourage you to update your sites immediately. There are several upgrading done in WordPress 4.4.2. Two security issues were identified in WordPress 4.4.1 and earlier, including possible SSRF for certain local URls, and an open redirection attack.

To clarify what is SSRF and open redirect attack is, we will give a little review about it.

SSRF stands for ‘server side request forgery’ and can be deployed by attackers to bypass access controls, such as firewalls, and ultimately crash your system.

While open redirect is a bit more straight forward, it would take a trusted site and redirect visitors to an untrusted site, with the goal to get visitors to land on phishing sites or any other type of malicious site.

Besides, fixing the two major security issues, other repairs are also found in WordPress 4.4.2, such as fixing 17 bugs from the previous version, 4.4 and 4.4.1.

So, if you are interested in having WordPress latest version, you can download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.

If your version of WordPress has not automatically updated, then update it manually. In the end, you need to make sure that you check your themes and plugins for updates as well.

WordPress 4.4.1 Security Update and Maintenance Released

Posted on by Mario

WordPress Security Update Released Immediate Download Recommended

Here is good news for any web developer around the world, since a new version of security update has been released for WordPress version 4.4. Therefore you need to update your site immediately and develop it by yourself! This version is actually a security and maintenance release which fixes a flaw that could allow a site to be compromised by a cross-site scripting vulnerability which is a type of code injection where malicious content can pass from one site to another through bypassing the same origin policy.

Along with providing security update, WordPress also provides a few maintenance updates to its latest version, 4.4.1. This update contains the inclusion of diverse emoji sets. Another issue also arises that if the URL of a post was ever re-used, it would redirect to the wrong post. Here are several non-security bug fixes:

  • Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji
  • Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
  • Removal of Rdio embed support, plugins failing to update after WordPress 4.4 is installed, and a handful of changes to responsive images.

In fact, in this update, WordPress 4.4.1 fixes 52 bugs that have occurred since release of version 4.4. With more than 10 million downloads, WordPress is the most popular CMS on the Web, but it’s also the most attacked. It’s not uncommon for malicious actors to exploit vulnerabilities in both WordPress itself and various plugins. WordPress websites are also reported as easily to attack on the fact that many administrators rarely set strong passwords for their accounts. Therefore, through this update, it is hoped that users can feel more satisfied. In fact, you can Download WordPress 4.4.1 or venture over to Dashboard Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.

Introducing Tutorial of WordPress Management with WP-CLI

Posted on by Mario

Advanced wordpress management with WP-CLI

Create a code in your website by using command line interface has always been popular among developers, as it can lift up productivity and speed up the development process.  If you are already getting used to with graphical interface, you may feel a bit difficult in using command line to perform certain tasks. Therefore, we are going to prove that this statement is not all true, at least for WordPress tasks.

For a long time, a graphical user interface in WordPress has helped to make it the most popular content management system on the website development, as this command graphic is provided in every administrative task. However, in terms of productivity, working with the command line allows you to manage a lot of tasks more quickly and efficiently.

So, what WP-CLI is actually?

WP-CLI is a set of command-line tools that provide such functionality for managing WordPress websites. Therefore, in this tutorial, I’m going to describe how to run the common tasks in WP-CLI, by showing you several advanced commands, so you can quickly understand how to operate it.

Common Tasks

This article is intended to give you some basic usages of WP-CLI, let’s check some tasks that can be performed on the command line.

INSTALL A WORDPRESS WEBSITE
core is a basic of WP-CLI command, which offers a set of powerful tools for managing WordPress installations. The first step in setting up a new WordPress website is by downloading the package. Direct to the preference directory and type:

1

This will download the latest version of WordPress in English (en_US). Another version or language also can be downloaded by using the –version and –locale parameters. For example, to use the Greek localization and 4.2.2 version, you would type:

2

Once the download is finished, you can create the wp-config.php file using the core config command:

3

This command will use the arguments and create a wp-config.php file. Eventually, to install WordPress, apply the core install command:

4

UPDATE CORE

If you need an update for your WordPress installation, use the wp core update and wp core update-db subcommands to update the core files and the database (if the database needs to be updated). WordPress updates, especially security fixes, are important. To make them happen more quickly, use the core update command and (if needed) the core update-db command:

If you want to know the current version of your installation using core version:

5

Initially, updating in the command line might not seem more efficient than doing it from the dashboard, but if you’re maintaining multiple WordPress installations, but in order to save time and clicks, you can maintain multiple WordPress installations. You can create a script and update them all at once:

7

In any case, before any update process is recommended you need to backing up your database:

8

MANAGE PLUGINS

Managing plugins is a matter of a single command. For instance, plugin status returns information about installed plugins and their status- A means active, I means inactive and UA means update available-work like this:

9

Other plugin-related subcommands are install, activate,deactivate, update, delete and search, which can be used like in the following example:

10

MANAGES THEMES

You can use the same basic commands like you usually use to handle a website’s theme by just replacing plugin with theme. One noteworthy command is scaffold, which creates an empty child theme, making that process much shorter:

11