GitHub Launches Security Alerts for JavaScript and Ruby Projects, Python Support Coming in 2018

Last month GitHub launched its Dependency Graph feature that tracks a repository’s dependencies and sub-dependencies under the Insights tab. This week the company rolled out an expansion of the feature and will now identify known vulnerabilities and send notifications with suggested fixes from the GitHub community. Dependency graphs and security alerts are automatically enabled for…

7 Free Online Tools to Scan Websites for Security Vulnerabilities

In Q3 of 2016, Sucuri reported that WordPress again led all content management systems with the number of hacked websites. WordPress alone claimed ownership of 74% of all detected infections and vulnerabilities. Ugh. That’s always a huge let-down. With people already looking for reasons not to use WordPress or hearing horror stories about this very…

WPWeekly Episode 293 – WordPress 4.8.3, RIP Firebug, and Patreon

In this episode, John James Jacoby and I discuss the news of the week, including a behind-the-scenes look at how WordPress 4.8.3 was released, WordPress 4.9 RC1, and Patreon launching an app directory along with a free WordPress plugin. We also talk about the difficulties of surveys, from asking the right questions, to…

Is Your Website GDPR Compliant? How to Get Ready for the General Data Protection Regulations

The General Data Protection Regulation (GDPR) is important new legislation in the area of data protection. Developed by the European Union, it’s designed to strengthen individuals’ rights regarding the collection, use and storage of their personal data. The law applies to businesses or organisations in the European Union. Those outside the EU who offer goods…

WordPress 4.8.3, A Security Release Six Weeks in the Making

WordPress 4.8.3 is available and is a security release for 4.8.2 and all previous versions. This release addresses an issue with $wpdb->prepare() that could lead to a potential SQL injection. While WordPress core is not vulnerable, hardening has been added to prevent plugins and themes from inadvertently causing a vulnerability. If you’re experiencing a bit…

Postman SMTP Plugin Forked after Removal from WordPress.org for Security Issues

Photo credit: Jerry Kiesewetter

In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author,…