WordPress: Bugs Detected in Ninja Forms Plugin, 1M Sites Affected

Four major bugs in the Ninja Forms plugin for WordPress have been detected.

Immediate update is recommended.

Vulnerabilities detected in the Ninja Forms plugin for WordPress, which is installed on over a million sites, can lead to a complete site takeover if left unpatched.

Wordfence detected a total of four vulnerabilities in the Ninja Forms WordPress plugin that could allow attackers to:

  • Redirect site administrators to random locations.
  • Install a plugin that could be used to intercept all mail traffic.
  • Retrieve the Ninja Form OAuth Connection Key used to establish a connection with the Ninja Forms central management dashboard.
  • Trick a site administrator into performing an action that could disconnect a site’s OAuth Connection.

Those vulnerabilities could lead to attackers taking control of a site and performing any number of malicious actions.

Due to the severity of the vulnerabilities, an immediate update of the plugin is recommended. As of February 8, all vulnerabilities are patched in version 3.4.34.1 of the Ninja Forms plugin.

Ninja Forms is a popular plugin that allows site owners to build contact forms using an uncomplicated drag and drop interface.

It currently has over 1 million active installations. If you have a contact form on your site, and you’re not sure which plugin it’s built with, it’s worth checking to see if you’re using Ninja Forms.

A quick update of the plugin will protect your site from all the above listed vulnerabilities.
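One way to check a server for copies of Ninja Forms older than the patched 3.4.34.1 release, added here as an example (it is not from Wordfence or the plugin's developers). It assumes the default plugin path `wp-content/plugins/ninja-forms/ninja-forms.php` and GNU `sort -V`; the sample header it falls back to is constructed.

```shell
#!/bin/sh
# Added example: flag Ninja Forms copies older than the patched release.
PATCHED="3.4.34.1"   # fixed version named in the article

# Print the "Version:" field from a WordPress plugin header comment.
plugin_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 when version $1 is strictly older than version $2 (needs GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print a verdict for the plugin main file given as $1.
check_ninja_forms() {
  nf_file="$1"
  if [ ! -f "$nf_file" ]; then echo "not-installed"; return 0; fi
  nf_ver="$(plugin_version "$nf_file")"
  if [ -z "$nf_ver" ]; then echo "unknown"; return 0; fi
  if version_lt "$nf_ver" "$PATCHED"; then
    echo "vulnerable $nf_ver"
  else
    echo "patched $nf_ver"
  fi
}

# With arguments: treat each as a WordPress root (default layout assumed).
# Without: run against a constructed sample header so the script works offline.
if [ "$#" -gt 0 ]; then
  for root in "$@"; do
    printf '%s: ' "$root"
    check_ninja_forms "$root/wp-content/plugins/ninja-forms/ninja-forms.php"
  done
else
  sample="$(mktemp)"
  printf '<?php\n/*\n * Plugin Name: Ninja Forms\n * Version: 3.4.33\n */\n' > "$sample"
  check_ninja_forms "$sample"   # constructed input, older than the fix
  rm -f "$sample"
fi
```

Pass one or more WordPress root directories as arguments to audit real installs; any result other than `patched` deserves a follow-up.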

The speed at which these vulnerabilities were patched shows how committed the plugin’s developers are to keeping it safe.

Wordfence reports it made the Ninja Forms developers aware of the vulnerabilities on January 20, and they were all patched by February 8.

Vulnerability Exploits – The 3rd Greatest Threat to WordPress Sites

Vulnerability exploits are a significant threat to WordPress sites. It’s important to update your plugins regularly so you have the latest security patches.

A report published last month lists vulnerability exploits as third among the top 3 threats to WordPress sites.

In total there were 4.3 billion attempts to exploit vulnerabilities from over 9.7 million unique IP addresses in 2020.

It’s such a common attack that out of 4 million sites analyzed in the report, every one of them experienced at least one vulnerability exploit attempt last year.

Adding a firewall to your WordPress site is another way to keep it safe, as it can prevent attackers from abusing plugin vulnerabilities even if they haven’t been patched yet.

When adding a new plugin to your site it’s a good practice to check when it was last updated. It’s a good sign when plugins have been updated within recent weeks or months.

Abandoned plugins are a greater threat to sites because they may contain unpatched vulnerabilities.

For more tips on keeping your site safe, see: How to Protect a WordPress Site from Hackers.

Avoid Pirated Plugins

Avoid using pirated versions of paid plugins at all costs, as they’re the source of the most widespread threat to WordPress security.

Malware from pirated themes and plugins is the number one threat to WordPress sites. Over 17% of all infected sites in 2020 had malware from a pirated plugin or theme.

Until recently it was possible to download pirated plugins from official WordPress repositories, but as of this week they have been removed.

Source: Wordfence

Customize Your Entire Site With New Block Themes – WordPress.com News

Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of site use cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with a theme that features a single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?
