WordPress 4.8.2 is the second security release under the 4.8 release of WordPress. This fixes some core issues, as well as the following:
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
The $wpdb->prepare() method prepares database queries and, as noted, the issue does not directly affect the core. This fix makes it more difficult for add-on items like themes and plugins to cause a vulnerability.
There are additional items fixed by this security release and a list of what is fixed by WordPress 4.8.2 Security release is provided by the good folks at WordPress.
Bravo to the WordPress team for being on top of security issues as they are discovered. Remember that WordPress is open source and there is a wide community looking out for us. Make sure your site is kept up-to-date, not just with the core, but also plugins and themes. And if you are signed up for site management through me, you are covered.
The training arm of Michael Mann Web Design is growing. In the past, I operated under two distinct sites: WPbyMe and OS4Me. One was for WordPress based training and the other for all things Open Source Software related.
Then a switch to a new brand came about in 2014-2015 to Frugal Web Guy. This new arm engulfed WPbyMe and expanded the mission beyond text based training into more video based training. The second half of 2016 will see the frugal brand overtaking the OS4Me brand as well. A new hub for all educational opportunities will be built over the next few weeks over at frugaltraining.com. It is my hope to take training for WordPress and the various Open Source Software to the next level, providing some of the very best in the industry.
Hope you will come along for the ride, as I work to educate the next generation of Web Professionals.
We are extremely sorry for the inconveniences caused. There was an issue with one of our Hypervisors and hardware had to be replaced. As it was new hardware, it required a complete firmware update and configuration, before the Data Center techs could swap the disks and boot the new blade. That was a time-consuming process. It has been completed and we really appreciate your patience. Please do check your domain and let us know.
— AtomicVPS Staff
Note: All clients will be updated today!
Previous to this post, WordPress update notifications have been taking place only over at WPbyMe.com, my WordPress training site. From this update forward, notification will take place here as well.
WordPress 4.1.2 is considered a critical security release and it is strongly encouraged you update your sites immediately. This helps to patch a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site and affects 4.1.1 and earlier releases.
In addition, the following security fixes are covered with 4.1.2:
- Files with invalid or unsafe names could be uploaded (4.1 and higher)
- A very limited cross-site vulnerability which could be used as part of a social engineering attack (3.9 and higher)
- Some plugins were vulnerable to an SQL injection vulnerability.
Full source and credits to those discovering the vulnerability are available at the official release announcement at WordPress.org.
A vulnerability was discovered that would allow someone to leave a comment, which when approved could allow them to compromise your site. 4.1.4 (for those still not on 4.2) and 4.2.1 were released to help seal this issue by removing any malicious comments on upgrade from previous versions and ensure the comments are not too long.
What a week for WordPress. First 4.1.2 to fix a security issue, then 4.1.3 and 4.2 right on its heels. Then issues with 4.2 sites trying to update to 4.1.3 and now this. It’s been a bumpy ride but rest assured, my clients' sites have all been updated to the latest version as always.
The upcoming My Simple Theme is nearly complete, so I decided to push it on for use here on Michael Mann Web Design. Kicking the tires, I found a few areas where some work could go into improving things. Development is nearly complete and this site will serve as a model site for what is possible with the first theme to be released to the public by me. Enjoy!
So you have located a suitable hosting company, set up WordPress and even installed some plugins. You have your site ready and wish to offer blog hosting to customers. But wait, do you have enough usable themes for your potential customers? There are literally thousands of themes available for WordPress, so we will look at a few ways to decide upon a set of themes to offer your customers.
Provide Blog Value
I have been designing web sites for clients for over 10 years now and I have developed an outline of items to go through with each and every client. These are five items I believe essential to assist the client with their web site from start to finish and beyond.
Out of the box, WordPress does not enable images to be used for post categories. This can be enabled through the use of the Category Images II plugin.