And now for something completely different…
It’s Friday, and time to recap what I found newsworthy in the world of WordPress. Let’s lead off with the latest headline of importance regarding a plugin security issue.
Gravity Forms Breach
This one was reported by Patchstack hours ago (as of this writing) and involves the popular Gravity Forms plugin. Patchstack is calling this a supply chain attack. Two of the possible functions the malicious code might be able to perform on a compromised site are to create or delete users, including admins.
Update
Gravity Forms has released a patched version and posted about the incident on their blog. It appears to only affect plugins that were manually downloaded or installed via Composer.
Stay Informed
If you are interested in exploring other vulnerabilities in the WordPress ecosystem, there are several sources who report their findings on a regular basis:
- https://patchstack.com/category/security-advisories/
- https://www.wordfence.com/blog/
- https://solidwp.com/blog/
- https://blog.sucuri.net/
As a related aside, WordPress will be officially dropping security support/updates for versions 4.1 – 4.6
If you are still running these versions on your website, or are not sure – Chat me up now!
Maintenance + Support
System Updates · Uptime Monitoring · Backups · Troubleshooting · more
Monthly Subscription Plans
starting at
$49
/Month
WordPress Internships
University students seeking to fulfill internship requirements to graduate may now have a possible roadmap through the WordPress Foundation. According to the official release, participants can meet requirements by contributing to the open-source project, while learning valuable real-world skills.
Open to students from all fields of study, the program blends structured onboarding with a personalized contribution project. Activities are adapted to each student’s degree program and familiarity with WordPress, aiming to develop transferable skills, academic-related competencies, and active participation in the WordPress community.
Foundational Training includes:
- An introduction to open source principles and the WordPress Foundation
- Getting familiar with community tools (Slack, Make blogs, Learn platform, GitHub)
- Setting up a personal WordPress site and publishing content
Visit the official announcement for more information.
WordCamp US: Portland
It’s not new news, but it is coming up soon.
August 26-29 are the dates for WordCampUS in Portland, OR this year.
As of today, there are still tickets available.
Podcasts
I found two of the most recent podcasts on WPTavern to be worth the time.
MeetUps and Community Building
Podcast# 176 features Héctor de Prada on the power of local WordPress Meetups in building community.
Failing Forward in Business
Podcast #175 has Jennifer Schumacher dishing up her experiences and lessons learned from making mistakes in running her WordPress based agency
Have a great weekend!