Tips to speed up WordPress, serve gzip compressed static HTML files

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

Read More

10% WordPress plugins in top ~1000 is vulnerable, a PHP static code analysis shows

Marcin Probola conducted a PHP static code analysis of the top ~1000 WordPress plugins, and the results showed 103 plugins were vulnerable to at least one vulnerability type (XSS, SQL injection). This is roughly 10 percent! Marcin Probola writes that scanning results were manually verified in his spare time and delivered to official plugins@wordpress.org from 04.07.2015 to 31.08.2015. Most of reported plugins are already patched, […]

Read More

High-risk vulnerabilities in TheCartPress leaves WordPress sites at risk

TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.

Read More

XSS Vulnerability Affecting Multiple WordPress Plugins

Where the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up-to-date: Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!

Read More

Install WordPress plugins without WP-admin access

Install WordPress plugins without admin access, and automate your WordPress customization and plugin installation. WordPress has a little drop-in plugin option available in the form of /wp-content/install.php. This install.php file is not present at default, but when created it can be used to install plugins without wp-admin access. This might come in handy for unattended WordPress installations, customization, and so on.

Read More