We’ve recently updated our End User License Agreement. The primary purpose is to update the European Union’s “Standard Commercial Clauses” (SCC) in our Data Processing Agreement (DPA). cPanel is providing the SCCs to help our customers who are in the European Economic Area comply with their regulatory obligations in light of the “Schrems II” decision. These SCCs will automatically apply to cPanel, and …
December was a busy month for the WordPress community. In the latest episode of the WP Briefing podcast, WordPress Executive Director Josepha Haden Chomphosy shares a carol of thanks and shows her gratitude to all the people who make the WordPress project a success. (…) I know that we have gotten so much done together […]
In this last episode of 2021, Josepha Haden Chomphosy takes the time to appreciate those who make the WordPress project a success and offers a carol of thanks. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: […]
We’ve reached the end of 2021, and it seems like just yesterday we were talking about omni-channel marketing and the massive evolutions that eCommerce saw in 2020. But now it’s time to recap what we’ve learned on Season 2 of Next Level Ops, as well as look towards what’s in store for 2022. To help us do that, we have Brian Richards, founder of WPSessions and organizer of WooSesh, the only WooCommerce-focused event. Brian has developed eCommerce sites, has been teaching WordPress for nearly 10 years, and now focuses on running WordPress and WooCommerce events. As a result, he has…
On Friday, December 10, 2021, a vulnerability for Log4j was announced in CVE-2021-44228. Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services. It was reported by Alibaba Cloud’s security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others. The United States Cybersecurity and Infrastructure Security …
The Plesk WordPress Toolkit 5.8 is now available. This release comes with the biggest game changer feature of the year – the Site Vulnerability Scan. Let’s have a look at why we’re so excited about this feature going forward: Site Vulnerability Scan WordPress Toolkit can now regularly scan active plugins, themes, and WordPress versions to identify known vulnerabilities, using information provided by our friendly partners at Patchstack. Before we go further into the details of this feature, let’s quickly go through some numbers to understand how much of a game changer this really is: First of all, WordPress is used…
Netcraft recently confirmed that a Bangladesh Army site was hosting an Outlook Web Access (OWA) web shell. Additionally, an OWA web shell was found on the Department of Arts and Culture site for the South-African Kwazulu-Natal province and an Iraqi government site was found to be hosting a PHP shell. Web shells are a common tool used by attackers to maintain control of a compromised web server, providing a web interface from which arbitrary commands can be executed on the server hosting the shell. OWA provides remote access to Microsoft Exchange mailboxes; since the disclosure of the ProxyLogon vulnerabilities in March, Microsoft Exchange has become a popular target for cyberattacks.
Despite the holiday season being around the corner, the WordPress project didn’t slow down. In a recent episode of WP Briefing, Executive Director Josepha Haden shares the first thing she wants people to notice about WordPress, which is also the heart of this open source project: Now, the first thing I want people to see […]
WordPress 5.9 Beta 1 is now available for testing! This version of the WordPress software is under development. You don’t want to run this version on a production site. Instead, it is recommended that you run this on a test site. This will allow you to test out the new version. You can test the […]
Are you an SEM enthusiast? If you enjoy trying and testing new and exciting tech, join our cPanel SEO Beta Testing Program and help improve our tools, service, and solutions. We ask that you don’t publicize or share the features you’re testing until they’re officially launched. (Including comments on social) By beta testing, you’ll become an important part of our product development. Your participation and feedback will help us release a better version of our tool as …
In episode 21 of the WordPress Briefing, Executive Director, Josepha Haden Chomphosy, talks all things block themes with developers and theme specialists Maggie Cabrera and Jeff Ong. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless […]
Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims. When visited by the intended victim, a “lure” is displayed that implores them to download and install the FluBot malware.
The most common lure themes are parcel delivery and voicemail messages, where the user is told to install the malicious app to track a parcel or listen to a voicemail message. One particularly interesting lure took advantage of FluBot’s infamy, by offering a fake “Android security update” that claimed to protect against the malware family. Users installing this “security update” would instead be infected with FluBot.
Most sites distributing FluBot malware also host legitimate content, suggesting they were compromised by the operators of this malware distribution network, without the knowledge of the site operator. While the use of unrelated domains makes the lures less convincing, as compared to domains specifically registered for fraud, it allows the malware distribution network to operate at a much larger scale.
These affected sites all have one factor in common: they run self-hosted WordPress instances. Netcraft believes the operators of this malware distribution network are actively exploiting well-known vulnerabilities in WordPress plugins and themes to upload malicious content onto insecure sites, joining a growing list of threat actors doing the same.
A collection of lures used by the FluBot distribution network
State of the Word 2021 is just around the corner! Although attending State of the Word in person would be ideal, not all WordPress community members get to enjoy the experience of attending the speech live with friends. This year, as State of the Word is streamed live for the second time, we want to […]
As we near the end of 2021, we’re looking forward and feeling excited about all the changes and improvements we’re making, much of which is a direct result of feedback we’ve received from our customers. We’ve reached out via multiple channels throughout this year to get as much feedback from you as we can… some of which has even already been implemented into our products! We wanted to take one last opportunity to hear from …
WordPress 5.9 is expected to be a ground-breaking release. It will introduce the next generation of themes with Twenty Twenty-Two joining the fun and over 30 theme blocks to build all parts of your site. In anticipation of the January 25th release, we hope you enjoy this sneak peek of 5.9. New design tools will […]
As previously announced, State of the Word will be livestreamed from New York City. That means that you can join the fun either online or in person, on December 14, 2021, between 5 and 7 pm EST! To join State of the Word 2021 online, check your Meetup chapter for a local watch party, or […]
In this episode, WordPress’s Executive Director, Josepha Haden Chomphosy, answers two recently asked questions. Tune in to hear what those questions were and her response, in addition to this week’s small list of big things. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits […]
Howdy, World! Mark your calendars; it’s almost time for State of the Word 2021! State of the Word is the annual keynote address delivered by the WordPress project’s co-founder, Matt Mullenweg. Every year, the event allows us to reflect on the project’s progress and the future of open source. This year will include that and […]
Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide their valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and […]
WordPress 5.8.2 is now available! This security and maintenance release features 2 bug fixes in addition to 1 security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.2 have also been updated. WordPress 5.8.2 is a small focus security and maintenance release. The next […]
PHP protects server performance by limiting file upload sizes, but the default limit is too low for many modern web applications. You’re likely to encounter this issue when a PHP application displays an error message asking you to increase the PHP max upload file size. There are various ways to increase the upload limit, including editing PHP configuration files directly. In this article, we’ll show you how to adjust PHP upload limits in cPanel & …
The Government of Eswatini’s website, www.gov.sz, is running a cryptojacker. Cryptojackers use website visitors’ CPU power to mine cryptocurrency, most often without their knowledge or permission.
Data from archive.org suggests the JavaScript snippet was added to the site’s HTML source between 28th September and 6th October.
WebMinePool cryptojacker injection on www.gov[.]sz.
While sites that are kept open for long periods of time are often the most lucrative – the longer the victim’s browser tab is open, the more cryptocurrency can be mined – criminals are typically not fussy when deploying cryptojackers. Criminals can target large swathes of sites at once, including those using vulnerable or out-of-date software, compromised third-party JavaScript, or with easily guessable administrator credentials.
When you’re building a database for a web application, one of the most impactful decisions is the data type you choose for text data fields. MySQL provides multiple string data types, each with unique characteristics and trade-offs. The data type you choose affects how much data you can store, where it’s stored, the functionality available to you, and the performance of everyday database operations. In this article, we’ll look at one frequently asked question concerning …