7 WordPress Vulnerabilities Discovered – What You Need to Know


WordPress released two updates to fix multiple vulnerabilities. The vulnerabilities have existed since version 3.7. If you have WordPress 5.0, update to 5.0.1. If you want to remain with WordPress 4, update to version 4.9.9. The update may cause backward compatibility issues with some plugins and themes. But that’s less trouble than being hacked.

The WordPress Vulnerabilities

There are seven issues that allow hackers to obtain access to a site.

  1. Authenticated File Delete
  2. Authenticated Post Type Bypass
  3. PHP Object Injection via Meta Data
  4. Authenticated Cross-Site Scripting (XSS)
  5. Cross-Site Scripting (XSS) that could affect plugins
  6. User Activation Screen Search Engine Indexing
    Exposes emails and default generated passwords to search engines
  7. File Upload to XSS on Apache Web Servers

Versions of WordPress Affected

These seven vulnerabilities affect versions 3, 4, and 5 of WordPress. All WordPress users are recommended to upgrade to WordPress versions 4.9.9 or 5.0.1.

What the WordPress official announcement noted:

WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.

Backwards Compatibility Issues

A backward compatibility issue is a problem that causes certain functions to no longer work. For example, authors can no longer use the <form> element. This could affect how plugins function unless they too are updated to work in the new environment.

Another issue affecting the upgraded versions of WordPress is the inability to upload CSV files. According to a full-time WordPress contributor, it was necessary to disable the upload of CSV files.

[Screenshot of a discussion on the official WordPress website] CSV files are temporarily disabled on WordPress until a suitable bug fix is created.

Should You Upgrade?

Yes, you should upgrade immediately. Many WordPress sites are upgrading automatically. If you are not upgraded to 4.9.9 or to 5.0.1 at this time, then you should initiate an update right away. Updating is easy: go to your WordPress dashboard, where there should be an announcement.

How Bad are the Vulnerabilities?

The vulnerabilities should be taken seriously. Staying with an obsolete version of WordPress could expose your site to being hacked. One of the WordPress contributors expressed that sentiment in the comment sections of the official announcement:

Read the official WordPress announcement here.

Images by Shutterstock, Modified by Author
Screenshots by Author, Modified by Author

Leaning into SEO as Google shifts from search engine to portal


Google’s SERP is almost unrecognizable compared to what it looked like just a few years ago. The changes aren’t just on the surface, either: Google is becoming less search engine, more portal, said Jessica Bowman, CEO of SEO In-house and Search Engine Land editor at large, during her keynote at SMX Advanced this month.

This evolution is fundamentally altering the customer journey from search, with Google owning the process by enabling users to bypass clicks to websites to get information, take action and even transact. This will have repercussions for just about every company. Bowman offered several plans of action for SEOs preparing for these changes and said investments in SEO will be more important than ever.

Build and train your SEO army

“When I evaluate an organization, I find that every role has activities they do that affect SEO, and SEO needs to be integrated into those activities,” Bowman told Search Engine Land, “The SEO team has to figure out what those are and then train people to do that.”

Larger companies should incorporate SEO into their daily vernacular, said Bowman. This way, you can conscript dozens, if not hundreds, of staff members into your “SEO army,” get them advocating for it, quoting best practices, involving the dedicated SEO team and flagging missing requirements on a day-to-day basis.

Although non-SEOs aren’t expected to be authorities on the topic, their 20% of effort stands to make 80% of the impact on your brand’s overall optimization, Bowman said. It will be up to your main SEO team as well as upper management to empower them.

Expand writing competencies

Product information, news stories, how-to guides and various other types of content may receive higher visibility on SERPs if they appear as a knowledge panel, within a carousel or as a featured snippet. Your writers, be they bloggers, copywriters, social media managers or anything in between, need to be creating content that is comprehensive and authoritative enough to compete for organic visibility, said Bowman.

Writers across the company need to master concepts such as SEO-friendly JavaScript, schema, writing for the long tail, rich snippets and the “People also ask” section in the search results. As with any process, regularly reviewing copy and providing feedback can help assure quality and enable you to get the most from your efforts.

Master Schema and JavaScript for SEO

Understanding and correctly implementing schema on your site can help crawlers make sense of your content and, consequently, increase the odds that it gets displayed as a featured snippet. Featured snippets and other rich results, of course, illustrate the double-edged sword nature of Google’s portal-like interface: They increase your content’s visibility and yet users may not click through to your site because the information they need has already been presented to them.

Event, FAQ, speakable content and much more — Google now supports dozens of markups for various content types, making schema a valuable tool for modern SEO. If you’re using WordPress’ CMS, Yoast has revamped its schema implementation to streamline structured data entry, but it’s still important for your development team to be able to verify the quality of your code.

With Googlebot’s latest update, it can now see more of your content than ever. However, limitations still exist and brands should be cognizant of JavaScript issues that may hinder indexing. Before coding JavaScript, your teams need to be discussing what content search engines will and won’t be able to see. It’s also worth keeping in mind that other search engines may not be as equipped to render your content.

“Particularly for large, global companies, they need to think about these smaller search engines that are less sophisticated than Google but still drive a decent amount of traffic in international markets,” Bowman emphasized.

Monitor and study mobile SERPs

“The problem is, a lot of us work on our computers, and so we’re checking things out on the desktop interface,” Bowman pointed out. Beginning on July 1, all new sites will be indexed using Google’s mobile-first indexing, with older sites getting monitored and evaluated for mobile-first indexing readiness. Since the majority of searches now happen on mobile, brands need to closely examine the mobile SERP and account for updates and changes in order to create content that’s optimized for the devices their audiences are using.

“I think the reason that we, as an industry, have not been talking about this is because of that — we’re not really studying the search results on a mobile interface to truly see they’re [Google] taking it over, and as mobile takes over, they’re going to gobble up some of our traffic. I think once they’ve got it [the mobile SERP] mastered and they know it’s a strong user experience, it’s only a matter of time before they do that to desktop as well.”

Take advantage of big data

“Hiring a data scientist is better than hiring an SEO to study the data,” Bowman stated simply. Data scientists are better equipped to identify commonalities and trends that you can use to improve your optimization efforts, inform your content strategy and enhance user experience (UX).

During her keynote, Bowman also recommended that brands make use of the Google Chrome User Experience Report to compare site speed to the competition as well as reference UX metrics from popular destinations across the web. You can then be more proactive.

Google’s search results interface has changed dramatically, but brands and agencies that can shake the inertia, rally their staffs and reorient their processes will be the first to spot new opportunities and novel ways to reach their audiences.


About The Author

George Nguyen is an Associate Editor at Third Door Media. His background is in content marketing, journalism, and storytelling.

Yoast, Google devs propose XML Sitemaps for WordPress Core


The inclusion of XML Sitemaps as a WordPress Core feature has been proposed by a group of Yoast and Google team members as well as other contributors. In addition to a basic XML Sitemap, the proposal also introduces an XML Sitemaps API that would extend functionality for developers and webmasters.

The proposed XML Sitemaps structure. Image sourced from Make WordPress Core.

What it’ll include. The proposal states that XML Sitemaps will be enabled by default, allowing for indexing of the following content types:

  • Homepage
  • Posts page
  • Core post types (Pages and Posts)
  • Custom post types
  • Core taxonomies (Tags and Categories)
  • Custom taxonomies
  • Users (Authors)

It’s worth keeping in mind that your WordPress site’s automatically generated robots.txt file will also reference your sitemap index.

What it won’t include. Although the proposed feature will include the majority of WordPress content types and meet search engine minimum requirements, the initial integration will not cover image, video or news sitemaps, XML Sitemaps caching mechanisms or user-facing changes such as UI controls that exclude individual posts or pages from the sitemap.

The XML Sitemaps API. Here’s how the API will let you manipulate your XML Sitemaps:

  • Provide a custom XML Stylesheet
  • Add extra sitemaps and sitemap entries
  • Add extra attributes to sitemap entries
  • Exclude a specific post, post type, taxonomy or term from the sitemap
  • Exclude a specific author from the sitemap
  • Exclude specific authors with a specific role from the sitemap

Why we should care. Sitemaps facilitate indexing by providing web crawlers with your site’s URLs. If implemented, this might mean one less third-party plugin that brands and webmasters have to rely on for their SEO efforts. As a WordPress Core feature, we can expect wider compatibility and support than we might get from third-party solutions.

Poorly optimized plugins can also slow down your site, which can have a negative impact on your organic traffic. This default option from WordPress may not replace plugins like Yoast SEO because they often include other features in addition to XML Sitemaps, but its availability has the potential to provide us with more flexibility over which plugins we install.


Yoast SEO 11.4 adds FAQ structured data, UX improvements


Yoast SEO’s latest update enhances its FAQ blocks by automatically generating structured data to accompany questions and answers. The update also introduces some UX improvements and addresses issues with AMP pages when viewed in Reader mode.

How to use it. Yoast’s FAQ structured data implementation is only compatible with the WordPress block editor (also known as Gutenberg; available on versions 5.0 and newer). Webmasters can get started by selecting the FAQ block, adding a question, inputting the answer and an image (if applicable) and repeating the process for all frequently asked questions.

The Yoast FAQ block.

The corresponding FAQPage structured data will be generated in the background and added to Yoast’s structured data graph, which may help search engines identify your FAQ page and figure out how it fits into the overall scheme of your site.

A new action and filter were also introduced to make this integration more flexible. The wpseo_pre-schema_block-type_<block-type> action lets you adjust the graph output based on the blocks on the page, and the wpseo_schema_block_<block-type> filter enables you to filter graph output on a per-block basis.

Other improvements. Yoast has also linked the SEO and readability scores in the Classic Editor and relocated the Focus keyphrase field to the top of the meta box and sidebar to make it easier to find. They’ve also resolved issues with AMP pages when viewed in Reader mode.

Why we should care. At this year’s I/O conference, Google announced support for FAQ markup, which may mean that searchers will be presented with FAQs as rich results more frequently. Being able to easily and efficiently equip our FAQ sections with structured data can yield better odds of earning prominent placement on SERPs.

For more on Yoast’s structured data implementation, check out our coverage on their 11.0 (general schema implementation), 11.1 (image and video), 11.2 (custom schema) and 11.3 (image and avatar) updates.


Copyright © 2019 Plolu.