Wordfence detected a total of four vulnerabilities in the Ninja Forms WordPress plugin that could allow attackers to:
- Redirect site administrators to random locations.
- Install a plugin that could be used to intercept all mail traffic.
- Retrieve the Ninja Form OAuth Connection Key used to establish a connection with the Ninja Forms central management dashboard.
- Trick a site administrator into performing an action that could disconnect a site’s OAuth Connection.
Those vulnerabilities could lead to attackers taking control of a site and performing any number of malicious actions.
Due to the severity of the exploits, an immediate update of the plugin is recommended. As of February 8 all vulnerabilities are patched in version 188.8.131.52 of the Ninja Forms plugin.
Ninja Forms is a popular plugin that allows site owners to build contact forms using an uncomplicated drag and drop interface.
It currently has over 1 million active installations. If you have a contact form on your site, and you’re not sure which plugin it’s built with, it’s worth checking to see if you’re using Ninja Forms.
A quick update of the plugin will protect your site from all the above listed vulnerabilities.
The speed at which these vulnerabilities were patched shows how committed the plugin’s developers are to keeping it safe.
Wordfence reports it made the Ninja Forms developers aware of the vulnerabilities on January 20, and they were all patched by February 8.
Vulnerability Exploits – The 3rd Greatest Threat to WordPress Sites
Vulnerability exploits are a significant threat to WordPress sites. It’s important to update your plugins regularly so you have the latest security patches.
A report published last month lists vulnerability exploits as third among the top 3 threats to WordPress sites.
In total there were 4.3 billion attempts to exploit vulnerabilities from over 9.7 million unique IP addresses in 2020.
It’s such a common attack that out of 4 million sites analyzed in the report, every one of them experienced at least one vulnerability exploit attempt last year.
Adding a firewall to your WordPress site is another way to keep it safe, as it can prevent attackers from abusing plugin vulnerabilities even if they haven’t been patched yet.
When adding a new plugin to your site it’s a good practice to check when it was last updated. It’s a good sign when plugins have been updated within recent weeks or months.
Abandoned plugins are a greater threat to sites because they may contain unpatched vulnerabilities.
For more tips on keeping your site safe, see: How to Protect a WordPress Site from Hackers.
Avoid Pirated Plugins
Avoid using pirated versions of paid plugins at all costs, as they’re the source of the most widespread threat to WordPress security.
Malware from pirated themes and plugins is the number one threat to WordPress sites. Over 17% of all infected sites in 2020 had malware from a pirated plugin or theme.
Until recently it was possible to download pirated plugins from official WordPress repositories, but as of this week they have been removed.
Customize Your Entire Site With New Block Themes – WordPress.com News
Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.
These new themes have been designed with a wide variety of site use cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with a theme that features a single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.
The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.
All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?