New Year’s WordPress Housekeeping Tips

WordPress Attachment Details

I wish I had seen this in December as I like to do year-end cleanup and new year planning during the holidays. Since it was only published yesterday, I’ll share it with you anyway because it has such wonderful information.

These things should be done on a regular basis, not just at the start of each year. It will serve as a good reminder checklist. Here are the thirteen items it lists:

  • Better Image Data
  • Optimize Your Installation
  • Optimize Your Images
  • Find and Learn Great Tools
  • Automate Your Workflow
  • Optimize Your Interface
  • Taxonomies Are Your Friend
  • Remove Unnecessary Plugins
  • Use Rich Content
  • Perform a Security Overhaul
  • Start a Blog
  • Contribute Back
  • Start Learning to Code

I see a number of things that I’ve been meaning to do and think that perhaps 2015 will be a good time to start. Things like the last three items on the list.

Here is the link to the full article:

Start the Year off Right with These WordPress Housekeeping Tips (Daniel Pataki, wpmudev.org)

 

Three new WordPress plugin vulnerabilities and what to do about them

WordFence reports three new WordPress plugin vulnerabilities. These security related issues should be resolved as soon as possible.

The plugin Complete Gallery Manager 3.3.3 contains a remotely exploitable file upload vulnerability. Code Canyon, the vendor, recently released a fix. Immediately upgrade to 3.3.4 which contains a fix for this serious vulnerability.

A shell upload vulnerability has emerged in an older version of Lazy SEO version 1.1.9. Make sure you’re running the newest version of this plugin which is 1.4.1.

An SQL injection vulnerability has emerged in the NoSpamPTI plugin. This plugin is deprecated and is no longer maintained by the developer so we recommend you uninstall it and find an alternative.

Wordfence is a CyberSecurity solution for WordPress providing anti-virus and firewall protection for WordPress installed web sites.

Just Released: WordPress 3.5.2, for Maintenance and Security

The second maintenance release of WordPress 3.5, fixing 12 bugs is now available. This is a security release for all previous versions. Web site owners are encouraged to update their installations immediately.

The security fixes include:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when a upload fails.

More information and download at: http://wordpress.org/news/2013/06/wordpress-3-5-2/

WordPress 3.3.1 Security and Maintenance Release

WordPress 3.3.1 just released last night.

This maintenance release fixes 15 issues with WordPress 3.3. It also fixes a cross-site scripting vulnerability that affected version 3.3.

Link to WordPress 3.3.1: http://wordpress.org/news/2012/01/wordpress-3-3-1/