Could A Simple Book Save Your Freelance Business?

Presented by Kerry Carron on 02/25/2019 12:00pm

Welcome to this week's Network News. Let's get started with the WordPress industry news.

WordPress @ Work

WordPress 5.1 is available as the newest stable WordPress release. WordPress 5.1 focuses on improving the overall performance of the new editor that shipped with the 5.0 major release. In addition, 5.1 begins the "better, faster, and more secure" WordPress journey by adding some essential tools for website administrators and developers.

Site Health Features for Security and Speed

  • notices to administrators of sites that run long-outdated versions of PHP
  • PHP version check on new plugin installations, blocking installation of plugins incompatible with the site's PHP version

Block Editor Performance

  • quicker to start
  • smoother typing

Developer Improvements

  • New database table to store metadata and arbitrary site data for multisite and network context.
  • Updated Cron API - new functions and filters
  • New JavaScript build option for reorganizing code released with WP 5.0
  • DEBUG constant updates
  • Config file constant updates
  • New short-circuit functions
  • New human_readable_duration function
  • Improved taxonomy meta box sanitization
  • Limited LIKE support for meta keys
  • New "doing it wrong" notice when registering API endpoints

WordPress Community News

  1. Bootstrap has released versions 4.3.1 and 3.4.1 to patch an XSS vulnerability (CVE-2019-8331)
  2. Alex Mills' liver is too damaged by the leukemia to continue with treatment. Alex is choosing to remain at home where he can be comfortable with family and friends. He is encouraging members of the WordPress community to fork and maintain his open-source plugins. View the plugins and build upon Alex's legacy.
  3. BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
  4. The makers of the annual State of JavaScript survey have launched a new survey for developers who work with CSS. The new survey was created to help identify the latest trends in the rapidly changing CSS landscape and will be maintained separately as The State of CSS.
  5. The Ecwid e-commerce plugin, a WooCommerce alternative with a focus on small businesses, is now fully integrated with the new Block Editor.

Upcoming WordCamps

From: WordCamp Central

  • WordCamp Dayton – DAYTON, OH, USA, March 1–2, 2019
  • WordCamp Cebu – CEBU, PHILIPPINES, March 2, 2019
  • WordCamp Kolkata – KOLKATA, WEST BENGAL, INDIA, March 3, 2019
  • WordCamp Nordic – HELSINKI, FINLAND (regional WordCamp), March 7–8, 2019
  • WordCamp Kota Kinabalu – KOTA KINABALU, March 9, 2019
  • WordCamp Greenville – GREENVILLE, SC, USA, March 9, 2019
  • WordCamp Miami – MIAMI, FL, USA, March 15–17, 2019
  • WordCamp Kathmandu – KATHMANDU, BAGMATI, NEPAL, March 16–17, 2019
  • WordCamp Osnabrück – OSNABRÜCK, GERMANY, March 23–24, 2019
  • WordCamp Bordeaux – BORDEAUX, FRANCE, March 23, 2019
  • WordCamp Entebbe – ENTEBBE, UGANDA, March 30–31, 2019

Known WordPress Vulnerabilities

Vulnerabilities without a Fix

There were no known vulnerabilities without a fix this week.

Vulnerability Fixes

Simple Social Buttons 2.0.4-2.0.21 - Authenticated Option Injection:

A flaw in the plugin's processing flow, combined with a missing permission check, allowed non-admin users to modify WordPress installation options stored in the wp_options table.

This means anyone who can register an account on the site could change the site's main settings, which could allow an attacker to take over the site by installing backdoors and/or taking over admin accounts.

Update to version 2.0.22

LoginPress <= 1.1.15 - Authenticated Blind SQL Injection:

An unauthorized attack could be performed by any user on the site.

The missing permission check in the settings import lets any registered user import custom plugin settings and adjust the login page as they like. The SQL injection vulnerability is also in the settings import: when checking whether an image has already been uploaded, the plugin queries the database directly without sanitizing the supplied image URL.

Update to version 1.1.16
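Both advisories above come down to the same two missing controls: a capability check before privileged settings are written (Simple Social Buttons) and a prepared query for the image lookup (LoginPress). The following is an added example of a hardened settings-import AJAX handler in WordPress PHP; it is not code from the newsletter or from either plugin, and the hook name, nonce action and option names are assumptions.

```php
<?php
// Hypothetical hardened settings-import handler (added example, not plugin code).
add_action( 'wp_ajax_example_import_settings', 'example_import_settings' );

function example_import_settings() {
    // 1. Capability check: only users allowed to manage options get further.
    //    Without this line, any registered subscriber could import settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF protection: the request must carry a nonce issued to this user
    //    for this specific action (nonce action name is an assumption).
    check_ajax_referer( 'example_import_settings', 'nonce' );

    // 3. Validate the supplied image URL before it touches the database.
    $image_url = isset( $_POST['image_url'] )
        ? esc_url_raw( wp_unslash( $_POST['image_url'] ) )
        : '';

    // 4. "Is this image already uploaded?" lookup, bound with $wpdb->prepare()
    //    instead of concatenating the URL into the SQL string.
    global $wpdb;
    $attachment_id = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT ID FROM {$wpdb->posts} WHERE post_type = 'attachment' AND guid = %s",
            $image_url
        )
    );

    // 5. Allow-list which options the import may write; never take option
    //    names from the request, which is the option-injection pattern.
    $allowed = array( 'example_logo_id', 'example_background' );
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            update_option( $key, sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) );
        }
    }

    wp_send_json_success( array( 'attachment_id' => (int) $attachment_id ) );
}
```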

Newspaper Theme <= 9.2.2 - Cross-Site Scripting (XSS):

This is an Envato ThemeForest theme. Cross-Site Scripting vulnerabilities allow attackers to inject malicious scripts. An injected script can access any cookies, session tokens, or other sensitive information the browser retains for that site, and can even rewrite the HTML content of the page.

XSS attacks could use the theme to deliver malicious code to a different end user. The end user's browser has no way to know that the script should not be trusted, and will execute it.

Update to version 9.5, which contains the fix

WP Cost Estimation

  1. < 9.660 - Upload Directory Traversal
  2. < 9.644 - Arbitrary File Upload and Delete

This is an Envato CodeCanyon plugin for building e-commerce-centric forms. Attackers were using compromised sites to hijack incoming traffic and redirect it to other websites, with the potential of exploiting the backdoor further at a later date.

Wordfence identified the second vulnerability and the developer quickly created and released a fix.

Update to version 9.660


OwnWP Community Focus

We've had a lot of blog post activity on the site and within the Slack channel since our last Network News. Many OwnWP posts (7), as well as member feed posts (4), are now available. Be sure to join the Network Nudge channel in Slack to get the members' activity feed in real time.

Read Our Recent Posts

The Outsourcing webinar should also be posting later today.

Member Login Anomaly

We have been having some technical issues with our member login area that we have not yet been able to isolate. Members attempt to log in and receive an alert message that they are not authorized in that location, but as soon as they navigate to the home page they are, in fact, logged in.

Obviously, this is a less than ideal situation. It is important to know that we can occasionally replicate the issue; however, we have not yet been able to isolate the cause.

The bottom line is that though it appears that members are not able to log in, they really are being logged in. Thankfully, it does not appear to truly affect any actual access to any of the member area.

Member Giveaway

We created this inspirational image quote for you to share across your social networks. This image is free for members to download (available in your member’s area within the Giveaways). The OwnWP branding will not be on the downloaded copies – we left that part blank so you could add your own.

Believe in Yourself!

Please feel free to use your image anywhere you like. If you’d like to thank us, simply let others know that you got it from your OwnWP membership and how they can join us too.

Affiliate Product of the Week – Dealing with Problem Clients

Dealing with Problem Clients is a book written specifically for web developers working with clients. It is written by a friend and fellow OwnWP member, Nathan Ingram. Nathan works with WordPress web developers individually and in groups to help them remove the obstacles preventing them from becoming more successful in their freelance businesses. Nathan has been a freelance web developer since 1995 and is based in Birmingham, Alabama.

The book is presented in two parts.

  1. A series of stories about relatable WordPress freelancers who encounter four types of clients causing problems in their lives and their business, aka the Friendly Monsters. You'll probably even recognize yourself in one of these characters, or from having been in similar situations.
  2. The second part of the book explains the essential systems and structures needed to contain the monsters.

2 Ways to Get the Book:

Option 1: Click this link (or the book image) to get the details, and if you happen to buy, we get a thank-you commission – a little to keep this site running for a while and maybe even enough to buy a fancy coffee.

Option 2: With this link, you can still explore the page and make a purchase, but this time we'll get nothing. But hey, it's OK. No worries, no guilt trip.

Either way, there’s no obligation to buy or take action – we’re just here to help you… Connect. Network. Thrive!

OwnWP Calendar of Events – Registrations are free.

Network News Registration

Mondays @ 2 pm Mountain time – Network News followed by our Community Connections

Weekly Webinar Registration

Thursdays @ Noon Mountain time – Weekly Webinar

If you or anyone you know is interested in presenting on OwnWP, either as a single stand-alone presentation or as a more regularly scheduled event, please contact us.

Presenter Bio: Kerry Carron

Kerry Carron is a loving wife and mother of three grown boys. As a freelancer, Kerry has built hundreds of WordPress websites and assisted other freelancers and small agencies with WordPress support and business development. She is the founder of OwnWP, a production of Ultimate Solution, LLC.

Kerry specializes in processes and creating systems. She is passionate about helping others find their path to success and her aspiration with OwnWP is to encourage other freelancers in finding and using the right combination of tools and skills they need to do more than merely survive!
