Your site can run faster than ever, specifically when you use Kinsta with WP Rocket. We’ll show you how to set it up!
The post “How to Optimize Kinsta WordPress Hosting with WP Rocket” first appeared on WP Mayor.
WordPress has become one of the most popular open source Content Management Systems, and now powers and supports more than 60,000,000 blogs and sites from all over the world.
Since WordPress is so widely used all over the world, there is an inherent need for site contents to be displayed in different languages. Now with eCommerce sites also being constructed with WordPress, it is quite important to make one single site with multiple language compatibility. This can make the sites usable for people speaking different languages. Multilingual plugins from WordPress are developed for this very purpose.
The post “Best WordPress Multilingual Plugins” first appeared on WP Mayor.

A new MariaDB Health Checks plugin is now available on WordPress.org, thanks to the efforts of contributors involved in the 2023 CloudFest Hackathon which took place in Germany. MariaDB is a popular open source database used by those looking to further scale their websites, as it is generally faster than MySQL with better support for a concurrent number of connections.
“At the moment it appears WordPress is dominating the PHP world, so this seemed to be the perfect target,” MariaDB Foundation Chief Contributions Officer Andrew Hutchings said about creating the plugin at the hackathon.
“The MariaDB Foundation loves WordPress (I’m writing this post in WordPress right now) so it seemed like a logical project.”
The plugin helps users debug their MariaDB databases by displaying important information, such as logs, locale, connections, character set and collation, and options. It also shows a graph of the number of queries and the execution time over the last 24 hours.

The plugin also integrates with WordPress’ Site Health feature with two checks: an end-of-life check and a check for whether Histograms have been run. Histograms are an optimizer that can help improve MariaDB performance, and the plugin enables calculation of histograms to run on WordPress tables with the click of a button under the plugin’s Tools menu.

“There are a few features now and it is a good framework to add more features to in future,” Hutchings said. “This is a community project and is open to suggestions and pull requests. This is a project that we at the MariaDB Foundation want to support in the future.”
MariaDB Health Checks is developed on GitHub where developers can follow the plugin’s progress, contribute to new features, and report bugs.
On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG) is reporting that attackers began attempting to exploit it within 24 hours of Patchstack’s publication.
“Once exploit vector details are publicly released, scanning and exploitation attempts rapidly increase,” Akamai Principal Security Researcher Ryan Barnett said. “It is common for security researchers, hobbyists, and companies searching for their risk profile to examine new vulnerabilities upon release. However, the volume is increasing, and the amount of time between release and said growth is drastically decreasing. The Akamai SIG analyzed XSS attack data and identified attacks starting within 24 hours of the exploit PoC being made public.
“What is particularly interesting about this is the query itself: The threat actor copied and used the Patchstack sample code from the write-up.”
Patchstack’s security advisory includes a breakdown of the vulnerability, sample payload, and details of the patch.
Although the vulnerability, assigned CVE-2023-30777, was promptly patched, and WP Engine alerted its users the same day, site owners have been slow to update to the latest, patched version of the plugin (6.1.6). Only 31.5% of the plugin’s user base are running version 6.1+, leaving a significant portion still vulnerable unless they are protected by additional security measures like virtual patches.

“Exploitation of this leads to a reflected XSS attack in which a threat actor can inject malicious scripts, redirects, ads, and other forms of URL manipulation into a victim site,” Barnett said. “This would, in turn, push those illegitimate scripts to visitors of that affected site. This manipulation is essentially blind to the site owner, making these threats even more dangerous.”
Barnett noted that attackers using the sample code from Patchstack indicates these are not sophisticated attempts, but the comprehensive security advisory makes vulnerable sites easy to target.
“This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management,” Barnett said.
WP Engine has launched an annual survey for Advanced Custom Fields (ACF), one of the plugins it acquired from Delicious Brains in 2022. ACF reports more than 4.5 million active users, including PRO site installs, and WP Engine Product Manager Iain Poulson reports that the plugin is “growing in every way since the acquisition.” ACF has added more users, features, and releases, along with community building efforts like bi-weekly office hours.
This is the first time ACF has surveyed its user base about how they are building sites with WordPress and what can be improved. The survey starts with questions about the contexts in which professionals are using ACF and the volume and types of sites they are building. Respondents are asked about how they edit their sites, the type of license they are using, how often they reach for ACF in their toolbox, and which ACF features they use most often (i.e. REST API, ACF Blocks, Options pages, ACF Forms, Post Types Registration, etc.).
The survey is on the lengthier side with an estimated 15 minutes to complete. As ACF is a critical and indispensable part of many WordPress developers’ workflow, helping to shape its future development may be worth the time. WP Engine has also added a few questions that may only be tangentially related to ACF, such as where users are hosting their WordPress sites and what they use for local development.
“It’s our primary method for gathering insights and feedback from the WP community on what they would like to see in ACF,” WP Engine Product Marketing Manager Rob Stinson said. He also related the importance of previous customer feedback that helped ACF’s team plan and implement features like registering CPTs and Taxonomies (v6.1).
“In the near term, we’re working on bringing a UI to register Options Pages which is a PRO plugin feature, some long requested features like bi-directional relationship fields and improvements to conditional logic rules for taxonomy fields,” Poulson said. “We will also be focussing a release on more ACF Blocks features and improvements. The survey won’t likely change those planned features, and the initial results are validating our planned work on ACF Blocks.”
The survey ends May 19, 2023, and WP Engine plans to publish an aggregated and anonymized version of the results soon after the data is collected.
Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been exploited.
Muhammad outlined the vulnerability in a security advisory published today:
This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site.
It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user.
The plugin’s authors published the patch today, on May 11, with the following note in the changelog:
5.7.2 – 11/05/2023
Improved: EA Login/Register Form for Security Enhancement
Few minor bug fixes & improvements
The vulnerability affects sites using versions 5.4.0 to 5.7.1 of Essential Addons for Elementor. Users are advised to update to the latest version 5.7.2 immediately now that Patchstack has published the proof of concept for exploiting it.
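The flaw class described in the advisory above, modelled as an added example (this is not the plugin's code and not taken from Patchstack's advisory): a reset handler that changes a password from a username alone, next to one that requires a valid, unexpired, single-use reset key. The in-memory user store and all function names are hypothetical.

```php
<?php
// Constructed in-memory user store standing in for the site's user table (assumption).
$users = ['admin' => [
    'pass_hash'     => password_hash('old-secret', PASSWORD_DEFAULT),
    'reset_hash'    => null,   // hash of the outstanding reset key, if any
    'reset_expires' => 0,      // Unix time after which the key is rejected
]];

// Issue a one-time reset key. Only its hash is stored; the key itself is
// delivered out of band (e-mail) to the account owner.
function issue_reset_key(array &$users, string $login, int $ttl = 3600): ?string {
    if (!isset($users[$login])) return null;
    $key = bin2hex(random_bytes(20));
    $users[$login]['reset_hash']    = hash('sha256', $key);
    $users[$login]['reset_expires'] = time() + $ttl;
    return $key;
}

// Flawed pattern: knowing the username is enough to change the password,
// because no reset key is ever checked.
function reset_password_unchecked(array &$users, string $login, string $new): bool {
    if (!isset($users[$login])) return false;
    $users[$login]['pass_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Hardened pattern: the caller must present the key that was issued for this
// account; it is compared in constant time, expires, and is consumed on use.
function reset_password_checked(array &$users, string $login, string $key, string $new): bool {
    $u = $users[$login] ?? null;
    if ($u === null || $u['reset_hash'] === null) return false;   // no reset pending
    if (time() > $u['reset_expires']) return false;               // key expired
    if (!hash_equals($u['reset_hash'], hash('sha256', $key))) return false;
    $users[$login]['pass_hash']  = password_hash($new, PASSWORD_DEFAULT);
    $users[$login]['reset_hash'] = null;                          // single use
    return true;
}

// Demonstration on the constructed store.
$key = issue_reset_key($users, 'admin');
var_dump(reset_password_checked($users, 'admin', 'guessed-key', 'x'));   // wrong key
var_dump(reset_password_checked($users, 'admin', $key, 'new-secret'));   // issued key
var_dump(reset_password_checked($users, 'admin', $key, 'again'));        // key reused
var_dump(reset_password_unchecked($users, 'admin', 'anything'));         // no key at all
```

In WordPress itself, the corresponding validation step is core's `check_password_reset_key()`, which a custom reset form should call before changing any password.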
Are you looking for ways to increase engagement and get more leads on your WordPress website? One simple trick to boost your contact game is by adding a pop-up form. Pop-up forms are an effective way to capture visitors’ attention and encourage them to take action. In this article, we’ll show you how to add a pop-up form to your WordPress website and get more leads.
Pop-up forms are a great way to grab visitors’ attention and encourage them to take action. Whether you want to collect email addresses, gather feedback, or promote a new product or service, a pop-up form can help you achieve your goals. The good news is, adding a pop-up form to your WordPress website is easy. There are many plugins available that can help you create and customize your pop-up form in a matter of minutes.
One popular plugin for creating pop-up forms in WordPress is OptinMonster. This plugin comes with a drag-and-drop builder that makes it easy to create custom pop-up forms without any coding skills. OptinMonster also offers various targeting and triggering options, so you can display your pop-up form to the right audience at the right time. For example, you can set up your pop-up form to appear after a visitor has spent a certain amount of time on your website or scrolled down a certain percentage of the page.
Adding a pop-up form to your WordPress website can help you get more leads and boost engagement. By capturing visitors’ contact information, you can follow up with them and turn them into loyal customers. Pop-up forms also provide a way for visitors to give feedback or ask questions, which can help you improve your website and customer service.
To make the most of your pop-up form, be sure to offer something of value in exchange for visitors’ contact information. This could be a free ebook, a discount code, a webinar, or a newsletter subscription. By providing a valuable incentive, you’re more likely to get visitors to fill out your form and become leads.
Adding a pop-up form to your WordPress website is a simple and effective way to boost your contact game and get more leads. With the right plugin and targeting options, you can create a custom pop-up form that grabs visitors’ attention and encourages them to take action. So why not give it a try and see how it can help you grow your business?
Revive your Redirects with Quick Fix for Error 400!
So you’ve implemented redirects on your website to improve user experience and streamline navigation. But what happens when those redirects start throwing error 400 messages? Fret not! There’s a quick fix that can revive your redirects and get your website back on track.
Error 400, also known as the “Bad Request” error, occurs when the server cannot understand the client’s request due to malformed syntax. This can happen when there’s an issue with your redirects, such as an incorrect URL or a missing parameter. To fix this error and revive your redirects, all you need to do is use a URL validator tool to ensure that your redirects are correctly formatted and working as intended.
One quick and easy way to validate your URLs is to use an online tool like the W3C Link Checker. Simply enter the URL you’re redirecting from, and the URL you’re redirecting to, and hit “Check.” The tool will quickly scan your URLs and flag any issues that may be causing the error 400 message. Once you’ve identified the issue, you can make the necessary fixes to your redirects and get your website back up and running.
With the quick fix for error 400, reviving your redirects and getting your website back on track has never been easier. By using a URL validator tool like the W3C Link Checker, you can quickly identify and fix any issues with your redirects, ensuring that your website runs smoothly and provides users with a seamless experience. So don’t let error 400 slow you down – use the quick fix and get back to business!
In conclusion, error 400 can be a frustrating issue for website owners, but it doesn’t have to be a roadblock. With the quick fix for error 400, you can easily validate your URLs and fix any issues with your redirects, getting your website back up and running in no time. So next time you encounter error 400, remember that reviving your redirects is just a few clicks away.
As a website owner, one of the most important things you can do is to make sure you have a backup of your site. Not only does having a backup give you peace of mind, it can also help you in the event of a disaster or unexpected issue. In this article, we’ll explore some happy ways to backup your site and keep your data safe.
Backing up your site on a regular basis is crucial for ensuring that you always have a recent copy of your data. There are several ways to do this, including using a plugin or a backup service. Some hosting providers also offer backup services, so be sure to check with your provider to see what options are available.
One happy way to backup your site is to use a plugin like UpdraftPlus, which allows you to schedule backups and store them off-site, such as in the cloud. This means that even if your server crashes or your site is hacked, you’ll still have a recent backup that you can use to restore your site.
Another option is to use a backup service like CodeGuard, which automatically backs up your site on a daily basis and stores the backups in the cloud. CodeGuard also offers a one-click restore feature, which makes it easy to restore your site to a previous state if something goes wrong.
In addition to backing up your site, it’s also important to make sure that your backups are secure. This means storing your backups in a safe location and using encryption to protect your data. One happy way to do this is to use a backup service that offers encryption and secure storage, such as VaultPress.
VaultPress is a backup service that’s built by the same team behind WordPress itself. It provides automatic daily backups, as well as malware scanning and repairs. All backups are encrypted and stored in a secure off-site location, so you can be sure that your data is safe.
Another happy way to safeguard your data is to use a backup service like Backblaze. Backblaze provides unlimited backup storage for a low monthly fee, and offers encryption and 24/7 customer support. With Backblaze, you can rest easy knowing that your data is secure and protected.
In conclusion, backing up your site on a regular basis is one of the most important things you can do to protect your data and ensure that your site is always up and running. By using happy backup solutions like plugins, backup services, and secure storage options, you can rest easy knowing that your data is safe and protected.
Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2 million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched by ACF developers in version 6.1.6 in April.
Patchstack published a security bulletin and Muhammad described the vulnerability as follows:
This vulnerability allows any unauthenticated user to steal sensitive information for, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path.
The vulnerability was given a high severity CVSS score of 3.1. Muhammad outlined a proof of concept in the security bulletin. At this time, the vulnerability is not known to have been exploited. ACF free and ACF Pro users should update to the latest 6.1.6 version of the plugin as soon as possible.