There's something to listen to this week, namely the first episode of capital_P_odcast - a new podcast from the German WP community. And Wordfence has published the WordPress Attack Report for July. We also show you one of the biggest gateways for hackers that hardly anyone knows about.
XMLrpc: The programmed WordPress security vulnerability
XMLrpc: What looks like someone fell asleep with their head on the keyboard is actually a programmed WordPress vulnerability. Originally conceived for remote access to the WordPress site, XMLrpc now serves primarily as a gateway for hackers. Figures show that the majority of brute force attacks target both the WP admin and XMLrpc. DDoS attacks are also possible via the interface. Read this article to find out how relevant the vulnerability is and how you can protect yourself.
Performance News
How to speed up your theme in just a few steps
Matthias Kittsteiner uses the example of a child theme from "Twenty Seventeen" to explain how you can improve the performance of your theme with just small changes to the code.
Security News
Wordfence security report from July
As always, the monthly WordPress Attack Report from security provider Wordfence provides interesting insights into the dark machinations of the WordPress universe: although the average number of daily attacks has increased by 21% compared to June, the daily volume of attacks remains surprisingly stable over the month. "It's almost like the attackers went on vacation and left their malicious bots running on autopilot," reads the security report.
TrafficTrade malware spreads
In a blog post, security provider Wordfence warns of so-called "TrafficTrade" malware. A vulnerability in the WP theme "Newspaper" is exploited, allowing attackers to place malicious code in the "wp_options" table. This automatically redirects your site visitors to an attacker page that downloads malicious browser plugins, for example.
WordPress News
Now it's clear: WP 4.9 is coming without Gutenberg Editor
In a core article, Mel Choyce - co-lead of the 4.9 release - has published a preliminary list of goals for the update to WordPress 4.9. The six main topics of the draft are the improvement of code editing, customization, theme switching and image editing as well as the theme and plugin upload via ZIP and the REST API. The planned release date is November 14.
New podcast from the German WP community
In their new "capital_P_odcast", Maja Benke and Bernhard Kau talk about topics and events from the WP community. The aim of the podcast is to provide clarity about what WordPress and the WP community are all about and to discuss relevant topics for WP users. The first episode of the podcast is about the pros and cons of page builders.
WordPress.com is not WordPress.org
The confusion between WordPress.com and WordPress.org is a common phenomenon, especially among WP newcomers. Caspar Hübinger has dedicated a separate page to this problem, on which he critically explains the consequences of this confusion as well as the differences.