With the jump to version 1.0 and a critical reaction to Mullenweg's Gutenberg plea, the new editor was once again at the center of WordPress activity last week. In addition, a vulnerability in a WooCommerce plugin makes users potential victims of XSS attacks. We also show you why SQL injections are one of the biggest threats to your WordPress site.
Attacks on the heart of your pages
SQL injections are very dangerous hacks, especially for store operators. If hackers manage to inject malicious code into your site's database via a vulnerability or create an admin account, your site and its data are largely unprotected. For example, attackers can steal payment data or change your site as they wish. We show how the attacks work and how dangerous they are.
Performance
"Image optimization is both an art and science"
The fact that optimizing images improves the performance of your site is of course nothing new. Nevertheless, you should regularly check whether there is still room for improvement in this respect. According to Ilya Grigorik, Web Performance Engineer at Google, image optimization is both an art and a science: "An art because there is no one definitive answer for how best to compress an individual image, and a science because there are many well developed techniques and algorithms that can significantly reduce the size of an image."
Experience report of the Google Mobile Sites Certification
After certifications in the areas of Google AdWords and Analytics, Google has been offering a "Mobile Site Certification" since April. The 90-minute online test covers topics such as the creation, management, measurement and optimization of mobile websites. Maddy Osman from WPMU DEV tested the course and summarized the pros and cons.
Security
XSS vulnerability in WooCommerce plugin
An XSS vulnerability has been discovered in the WooCommerce premium plugin 'Product Vendors'. Version 2.0.35 is affected. The vulnerability was already fixed a month ago with version 2.0.36. The fact that the vulnerability is now publicly known increases the risk of an XSS attack enormously. If you use the plugin, you should definitely update to version 2.0.36 or higher.
Basic security tips for webshop operators
Creating a website with an online store is now easier than ever thanks to WooCommerce and the like. However, it is more difficult to create an environment in which your customers feel safe when shopping. As customer trust is a crucial success factor, the security provider Sucuri has some basic security tips that you should consider when setting up your online store.
WordPress
What's new in Gutenberg 1.0?
The beta of the new WordPress editor has reached version 1.0. Despite discussions about the jump to the full version, the Gutenberg team has decided not to let certain expectations be dictated by numbers and to maintain the previous frequency of weekly updates. New in 1.0, for example, is the ability to drag and drop media between text blocks or into a media block placeholder.
Reaction to Mullenweg's Gutenberg plea
In response to Matt Mullenweg's latest blog post "We Called it Gutenberg for a Reason", Greg Schoppe expresses his criticism of Mullenweg's promises regarding the new editor from a developer's perspective in an "open response". "Unfortunately, many of those claims don't live up to reasonable scrutiny," writes Schoppe. The comments in the article also provide an insight into the ongoing discussion about the editor.