Proof of Concept for “viewing unauthenticated posts” in WordPress 5.2.3

A couple of days WordPress released 5.2.4 with a few security patches. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. caught my attention, but I couldn’t find a public Proof of Concept, so I set out to reverse engi… Read more

Read full article

Similar

WordPress Plugin Acceptance Test with Codeception on VVV

Tutorial on how to leverage Varying Vagrant Vagrants, Codeception and wp-browser to write acceptance tests for WordPress plugins.

WordPress ACF plugin takeover (not forked)

On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Cus… (more…)

Hackers exploit WordPress plugin flaw that gives full control to 12M sites

Elementor Pro fixed the vulnerability, but not everyone has installed the patch. (more…)

Lessons from failing to sell WordPress themes (during the gold rush)

I started to sell WordPress themes at the start of the "gold rush" when premium themes first emerged. These are the lessons learned – so you can avoid them.

5 Pitfalls of Using a Free SSL on WordPress – The Blogging Musician

I recently took the plunge to move my site https using a free SSL provided by my hosted company. Here's 5 pitfalls I encountered in doing so. (more…)

Latest News

JavaScript Views, the Hard Way – A Pattern for Writing UI

Some Facts About Vim

Sorting 7 elements using only if-else statements in Python