This week in WordPress

Security update forced on 1+ million websites using Loginizer plugin

The WordPress Security Team took the rare step of pushing a forced security update to over a million sites this week after a dangerous vulnerability was discovered in the popular Loginizer plugin.

Ironically, Loginizer offers WordPress security. The five-star rated free version provides brute force protection. Worryingly, as Slavco highlights in a detailed proof-of-concept on his blog, the plugin had been audited by security companies, including WPSec and Dewhurst Security.

ZDNet security reporter Catalin Cimpanu reports there was a "public backlash" after the forced update, but WPTavern's view that it "took some of the plugin's users by surprise" is a more accurate read of the situation. Several users in the WordPress Support Forums with auto-updates disabled have asked why their versions of Loginizer had been updated without their intervention, with one user noting it was "Quite strange."

"WordPress can forcibly push updates. As long as the process is robust then I'm all in favour," tweets security specialist Gavin Johnson-Lynn, while WebMatros owner Oliver Nielsen tweets "IMO, the forced security patching of the Loginizer plugin vulnerability is a great thing 👍🏼 Does no harm, and has **prevented** LOTS of harm."

Meanwhile, Strattic co-founder and CEO Miriam Schwab took the opportunity to spruik her product, tweeting: "I think WordPress made the right move by forcing sites to update Loginizer to patched version, even if it's controversial. Loginizer ironically adds extra security to WP login pages. Also, Strattic sites don't even have login pages that need securing…"

Block-based widgets also dropped from WordPress 5.6

The call comes after the team recently dropped block-based navigation menus from the WordPress 5.6 feature list. Both block-based widgets and navigation menus were originally planned for WordPress 5.5.

As Justin explains, a new widgets admin screen has been in development since January 2019, which was not long after the initial launch of the block editor in WordPress 5.0. For now, the block-based widgets feature has been pushed to WordPress 5.7.

"I think the best feature of 5.6 is going to be that they didn't include half baked underdone features to meet an arbitrary deadline. It takes guts," comments WordPress developer Cameron Jones. "I'd rather have one new feature that works as opposed to 10 that don't. We are talking about shipping a release to millions of production sites after all," adds EggCup Web Design owner Ian Pegg.

Google rival MakeStories launches new version of its web stories plugin

In other WordPress news...

- Past Twenty default WordPress themes are getting new block patterns, reports Justin Tadlock. Mel Choyce-Dwan, the Default Theme Design Lead for WordPress 5.6, opened 10 tickets about two months ago with the intention of bringing new block features to all of the 10 past default themes. "It is a lofty goal that could breathe some new life into old work from the previous decade," Justin says.
- Gutenberg 9.2 is out and it's the final release to make it into WordPress 5.6 Beta. New features in this version include support for video subtitles, the ability to transform multiple selected blocks into a Columns block, and background patterns in Cover blocks, writes WordPress 5.6 Editor Tech Lead Isabel Brison, who's an Automattic JavaScript Engineer.
- WPMU DEV is celebrating 1,000 editions of The WhiP, its puntastic newsletter, with a t-shirt giveaway. Fun fact: Rae Morey who writes The Repository (editor: hello!) started The WhiP back in 2014. It's great to see it still going strong! "I've enjoyed the @wpmudev techie puns since the beginning of the newsletter. 'You had me at "hello world"' is certainly my favorite of the T-shirt bunch. #WhiP1000" tweets Doug Smith, co-founder of Simply Charlotte Mason.
- Meanwhile, Sarah Gooding writes that WooCommerce is testing a new Instagram shopping checkout feature for its Facebook for WooCommerce plugin. The free extension is used on more than 900,000 websites and will provide the bridge for store owners who want to take advantage of Instagram's market during a time when the pandemic has heavily skewed consumer behavior towards online shopping.
- Awesome Motive has acquired popular web push notification platform PushEngage and its entire team, including founder Ravi Trivedi. Awesome Motive founder and CEO Syed Balkhi says over 10,000+ customers in 150+ countries use the platform to reliably send over 9 billion notifications each month.