WordPress 4.7.2 post mortem
A few weeks ago, WordPress released version 4.7.2 to
address several security vulnerabilities, including one critical one.
This vulnerability allowed a remote, unauthorised attack to update web pages via
the REST API. Since then, hundreds of thousands of … Read more
For maximum security, use esc_html_e() instead of _e() (and esc_html__()/__()), to ensure any unwanted HTML snuck into a translation file is neutralised. For strings that have HTML in them, use wp_...Read more »
Learn how to improve the speed of your WordPress site by understanding the three domains of website performance, and how to influence each for max speed.Read more »