20170407 Vulnerable Plugins/Themes Report and PSA

This week’s report.

Wanted to do a couple of quick PSA’s. First, SiteLock disclosed earlier this week that they are starting to see backdoor scripts masquerading as a legitimate SEO plugin.  This isn’t a particularly new attack method as we’ve seen it quite a few times in the past.  However, it’s a good reminder that you should be intimately familiar with the plugins you have installed.  If there’s one there you don’t remember installing or know nothing about, that’s a red flag.  In addition, you should be monitoring your site and have alerts enable for plugin installations and activations.

Second, start preparing for the WordPress v4.7.4 update.  The core team has been hard-at-work fixing bugs that will be bundled up into the 4.7.4 update.  4.7.4 is currently scheduled for release the first week of May.

Third, the results of the WordPress Editor Experience survey have been published.  Highlights, IMO are:

  • Half of the respondents use the Text editor at least sometimes
  • But almost half never use the markup buttons
  • 76% never use the distraction free option (I never use it)
  • Just under a third have added a shortcodes plugin (ugh) to extend the editor
  • 90% of respondents who use a screen reader felt the editor experience is sufficient or better

Fourth, Wordfence released their Attack Report for March yesterday.  Interestingly, WP Mobile Detector has jumped back up to the #3 spot in most attempted exploit for a plugin.  Also, Really Simple Guest Post jumped into the top 10.  Otherwise, the other 8 are pretty much the same from the top 10 in February.

FifthWordCamp Kansas City is in just a couple of weeks (28th and 29th).  If you haven’t purchased your tickets yet, you need to get on that before they sell out!  $40 for two days of professional development. Forty sessions in total.  Lunch (and coffee+snacks for breakfast) provided for both days.  That’s an incredible value. If you are in Columbia, MO and want to carpool, let me know.

Last, if you live in Columbia, MO Steve Struemph and I are in the beginning stages of starting a WordPress meetup for Columbia. If you are interested in joining, or helping us, please get in touch with one of us!