WordPress 5.9.1 is now available!
Archive for security
WP Briefing: Episode 25: Five Cents on Five for the Future
In this twenty-fifth episode of the WordPress Briefing, Executive Director, Josepha Haden Chomphosy discusses future-proofing the WordPress project with the Five for the Future pledge. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann & Santana Inniss Song: […]
Your feedback is invaluable to our research and product development. Please take a moment to complete the two surveys below to help us best serve you: …
The post We Want To Hear From You first appeared on cPanel Blog.
In June 2021, @beafialho in collaboration with @pablohoney floated the idea of giving WordPress News a new look. Today, those ideas become a reality—we’re excited to share that the redesign of WordPress News is live! The new design leans on the aesthetics of jazz, intrinsically connected to WordPress and which ultimately translates its uniqueness, historic significance […]
As cPanel & WHM Version 102 nears its release, many of you have reached out to us with feedback about Jupiter, as it appears in the end-user interface as well as WHM. Thank you! We’ve been listening carefully and are happy to now share what we’ve learned, as well as our game plan going forward. Within WHM In v102, we revealed Jupiter in WHM. We haven’t addressed WHM’s user experience in quite some time, so …
The post Jupiter, Version 102, and You! first appeared on cPanel Blog.
You’ve likely seen our requests for beta testers over the past few months, as well as the mentions in our newsletter – it’s been no secret that a new product was on the way. The day has now come, and we couldn’t be happier to announce that cPanel SEO has arrived! cPanel SEO was designed to not only improve your search engine results, but also the actual content of your website. …
The post cPanel SEO Has Launched first appeared on cPanel Blog.
WP Briefing: Episode 24: Three Goals in 2022
In episode 24 of the WordPress Briefing, the Project’s Executive Director reviews three big-picture goals for the year: Increased Gutenberg adoption, support of all open source alternatives, and stewarding the open source ethos. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler […]
The Month in WordPress – January 2022
There are a few significant moments in the history of the WordPress project. January 2022 is one of them, with the release of WordPress 5.9! But that’s not all. Read on to learn more about the latest updates and achievements from the community. WordPress 5.9 Joséphine is here Meet WordPress 5.9 Joséphine. Named in honor […]
Netcraft’s most recent Web Server Survey includes nearly 1.2 billion websites. Most of these sites return a server banner that shows which web server software they use, thus allowing us to determine the market shares of each server vendor since 1995.
Many of these server banners are simply short strings like “Apache”, while others may include additional details that reveal which other software – and which versions – are installed on the server. One such example is “Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2k-fips DAV/2 PHP/5.5.38”.
A web server reveals its server banner via the Server HTTP response header. This string is not ordinarily exposed to users, but most browsers allow it to be viewed in the Network Inspector panel.
Custom banners
Web server software usually allows its server banner to be modified. A common reason for changing the default value is to reduce the amount of information that would be revealed to an attacker.
For example, if a web server advertises itself as running a vulnerable version of Apache, such as “Apache/2.4.49”, it could be more likely to come under attack than a server that reveals only “Apache”.
Our Web Server Survey includes a few websites that return the following Server header, which takes a deliberate swipe at the effectiveness of hiding this sort of information:
Server: REMOVED FOR PCI SCAN COMPLIANCE - SECURITY THROUGH OBSCURITY WORKS, RIGHT? - https://bit.ly/2nzfRrt
Of course, with this amount of flexibility, a cheeky or malicious administrator can configure a web server to pretend to be anything they want. Sometimes this is done in a deliberate attempt to cloak the truth or to mislead, while in others it may simply be done as a joke waiting to be found by anyone curious enough to look for the banner.
Unlikely server banners
Amongst the 1.2 billion websites, there are plenty of examples of unlikely server banners.
WordPress 5.9 is available thanks to over 600 contributors who helped make it happen.
Download to test the third Release Candidate (RC3) for WordPress 5.9.
WP Briefing: Episode 23: A letter from WordPress’ Executive Director
As we greet a new year, WordPress’ Executive Director writes a letter to the project and community that speaks to the hopes of the year ahead. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless First […]
Increasing Number of Bank-Themed Survey Scams
Netcraft has seen a large increase in survey scams impersonating well-known banks as a lure. These are often run under the guise of a prize in celebration of the bank’s anniversary, though in some cases a reward is promised just for participating.
These scams first came to Netcraft’s attention around 16 months ago, when businesses that were particularly useful during lockdown, such as supermarkets, mobile phone networks, and delivery companies, were targeted. The expansion of these attacks to use banks as a lure started in October 2021. To date we have seen over 75 distinct banks used as lures for these survey scams, with a global spread including banks from the US, UK, Asia, and the Middle East.
The second Release Candidate (RC2) for WordPress 5.9 is available! The final release is slated for January 25, 2022.
This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage. You […]
Updated End User License Agreement – January 2021
We’ve recently updated our End User License Agreement. The primary purpose is to update the European Union’s “Standard Commercial Clauses” (SCC) in our Data Processing Agreement (DPA). cPanel is providing the SCCs to help our customers who are in the European Economic Area comply with their regulatory obligations in light of the “Schrems II” decision. These SCCs will automatically apply to cPanel, and …
The post Updated End User License Agreement – January 2021 first appeared on cPanel Blog.
December was a busy month for the WordPress community. In the latest episode of the WP Briefing podcast, WordPress Executive Director Josepha Haden Chomphosy shares a carol of thanks and shows her gratitude to all the people who make the WordPress project a success. (…) I know that we have gotten so much done together […]
The WordPress 5.9 Release Candidate 1 is available. The final release is slated for January 25, 2022.
People of WordPress: Collins Agbonghama
Collins Agbonghama, a web developer from Nigeria, Africa, shares how WordPress gives him a sustainable income and a better future.
WordPress 5.9 Beta 4 was released on 21 December 2021 and is available for testing.
WP Briefing: Episode 22: A Carol of Thanks
In this last episode of 2021, Josepha Haden Chomphosy takes the time to appreciate those who make the WordPress project a success and offers a carol of thanks. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: […]
Highlights from State of the Word 2021
Highlights and the official video for State of the Word 2021
Podcast | A Look Back at eCommerce in 2021, and What to Look For in 2022
We’ve reached the end of 2021, and it seems like just yesterday we were talking about omni-channel marketing and the massive evolutions that eCommerce saw in 2020. But now it’s time to recap what we’ve learned on Season 2 of Next Level Ops, as well as look towards what’s in store for 2022. To help us do that, we have Brian Richards, founder of WPSessions and organizer of WooSesh, the only WooCommerce-focused event. Brian has developed eCommerce sites, has been teaching WordPress for nearly 10 years, and now focuses on running WordPress and WooCommerce events. As a result, he has…
The post Podcast | A Look Back at eCommerce in 2021, and What to Look For in 2022 appeared first on Plesk.
The Apache Log4j exploit and how to protect your cPanel server
On Friday, December 10, 2021, a vulnerability for Log4j was announced in CVE-2021-44228. Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services. It was reported by Alibaba Cloud’s security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others. The United States Cybersecurity and Infrastructure Security …
The post The Apache Log4j exploit and how to protect your cPanel server first appeared on cPanel Blog.
WordPress 5.9 Beta 3 is now available for testing. Help test to make the release as good as it can be.
Plesk WordPress Toolkit 5.8 Release: Site Vulnerability Scan, Autodetection WordPress Login URL, and More
The Plesk WordPress Toolkit 5.8 is now available. This release comes with the biggest game changer feature of the year – the Site Vulnerability Scan. Let’s have a look at why we’re so excited about this feature going forward: Site Vulnerability Scan WordPress Toolkit can now regularly scan active plugins, themes, and WordPress versions to identify known vulnerabilities, using information provided by our friendly partners at Patchstack. Before we go further into the details of this feature, let’s quickly go through some numbers to understand how much of a game changer this really is: First of all, WordPress is used…
The post Plesk WordPress Toolkit 5.8 Release: Site Vulnerability Scan, Autodetection WordPress Login URL, and More appeared first on Plesk.
Can you help test the latest software version of WordPress? 5.9 Beta 2 was published on 7 December 2021; help find any bugs.
Bangladesh, South African and Iraqi Government sites have been found to be hosting web shells
Netcraft recently confirmed that a Bangladesh Army site was hosting an Outlook Web Access (OWA) web shell. Additionally, an OWA web shell was found on the Department of Arts and Culture site for the South African KwaZulu-Natal province, and an Iraqi government site was found to be hosting a PHP shell. Web shells are a common tool used by attackers to maintain control of a compromised web server, providing a web interface from which arbitrary commands can be executed on the server hosting the shell. OWA provides remote access to Microsoft Exchange mailboxes; since the disclosure of the ProxyLogon vulnerabilities in March, Microsoft Exchange has become a popular target for cyberattacks.
The Month in WordPress – November 2021
Despite the holiday season being around the corner, the WordPress project didn’t slow down. In a recent episode of WP Briefing, Executive Director Josepha Haden shares the first thing she wants people to notice about WordPress, which is also the heart of this open source project: Now, the first thing I want people to see […]
WordPress 5.9 Beta 1 is now available for testing! This version of the WordPress software is under development. You don’t want to run this version on a production site. Instead, it is recommended that you run this on a test site. This will allow you to test out the new version. You can test the […]