WordPress Now Powers Over 1/3rd of the Top 10 Million Sites

Presented by Kerry Carron on 03/18/2019 2:00pm

WordPress @ Work - WP News that Makes a Difference

WordPress has managed to hit an unprecedented new milestone. According to W3Techs, WordPress now powers over 1/3rd (33.4%) of the top 10 million sites on the web, increasing from 29.9% only one year ago. Interestingly, that is more than 60% of the market share, with Joomla coming in second place holding 2.9% of the websites and 5.3% of the market share. WOW! That is quite the disparity!

On another topic, the most recent stable version of WordPress has been released. WordPress 5.1.1 is a security and maintenance release that also introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump expected to be released with WordPress Version 5.2.

Other WordPress developments include a proposal being explored for a new Block Directory. The directory would make blocks searchable and installable from within the Gutenberg editor and is designed for single block entries only.

Block collections and blocks that do not meet the requirements of the single block directory would still be available via the normal plugin installation process. As you can imagine, this will be confusing for users who do not know that blocks can be found in two separate directories, but the long-term goal is to make the block process as seamless as possible.

WordPress Community News

Alex Mills update: Sadly, Alex passed away on February 27th at home with his family. Rest in Peace, Alex. You will be missed by the WP community, but due to your many valuable contributions to the WP community, your legacy goes on.

Upcoming WordCamps

From: WordCamp Central

WordCamp Osnabrück – OSNABRÜCK, GERMANY March 23–24, 2019

WordCamp Bordeaux – BORDEAUX, FRANCE March 23, 2019

WordCamp Entebbe – ENTEBBE, UGANDA March 30–31, 2019

WordCamp Torino – TURIN, ITALY April 5–6, 2019

WordCamp Santa Clarita – SANTA CLARITA, CALIFORNIA USA April 5–6, 2019

WordCamp Raleigh, North Carolina, USA – RALEIGH, NORTH CAROLINA, USA April 6–7, 2019

WordCamp Madrid – MADRID April 6–7, 2019

WordCamp London – LONDON April 6–7, 2019

WordCamp Rotterdam, Netherlands – ROTTERDAM April 12–13, 2019

Known WordPress Vulnerabilities

Vulnerabilities without a Fix

Quiz And Survey Master - Authenticated Cross-Site Scripting (XSS) that echoes the quiz_id parameter without proper encoding.

If an attacker executes JavaScript in the name of an attacked user, they can bypass Cross-Site Request Forgery (CSRF) protection and perform any actions that the original legitimate user could perform, including reading data that the user could access.

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

Vulnerability Fixes

Blog2Social Version 5.0.2 (or before) – Authenticated Cross-Site Scripting (XSS) – Update to version 5.0.

WP Fastest Cache Version 0.8.9.0 (and before) – Unauthenticated Arbitrary File Deletion – Update to version 0.8.9.1.

A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. An exploit could lead to data loss and potentially a DoS against the website.

According to the developer, there are a whole lot of things that must align for this attack to be possible:

  1. WP Fastest Cache is installed and the cache is activated
  2. WordPress is configured to use 'pretty' URL schemes, like /<data>/<title> etc.
  3. WP Postratings is installed
  4. At least one ratable post or page was published

But the fact remains that a vulnerability exists.

Caldera Forms Version 1.8.1 (and before) - Unspecified Security Issue – Update to version 1.8.2.

If you do not have Caldera Forms Pro API keys activated, this issue does not affect you. This is only an issue if you have Caldera Forms connected to the Caldera Forms Pro API. The update includes the security fix.

Abandoned Cart Lite for WooCommerce Version 5.1.3 (and before) - Stored Cross-Site Scripting (XSS) – Update to version 5.2.0.

Abandoned Cart Pro for WooCommerce Version 5.1.3 (and before) - Stored Cross-Site Scripting (XSS) – Update to version 5.2.0.

FormCraft Version 1.2.1 (and before) - Cross-Site Request Forgery (CSRF) – Update to version 1.2.2.

If exploited, when you log into the WordPress administration screen and browse an affected page, you may unintentionally perform operations that may include generating new forms, inserting JavaScript code to existing forms, and deleting existing forms.

Smart Forms Version 2.5.15 (and before) - Cross-Site Request Forgery (CSRF) – Update to version 2.6.16

SG Optimizer (SiteGround) Version 5.0.12 (and before) - Unauthenticated File Upload – Update to version 5.0.13.

A successful attack on the SiteGround Optimizer would allow the insertion of backdoors to stores.

If you use this plugin and also use the SiteGround hosting environment, no additional action is required – your update has been completed for you. If you use the plugin outside of the SiteGround environment, you will need to manually update the plugin.
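The fix list above can be turned into a quick triage of a site's plugin inventory. The following is an added example, not code from any of the plugins or from OwnWP: the plugin names, version bounds and preconditions come from this page, while the sample inventory, the fact keys and the installed version numbers are constructed for illustration.

```python
# Added example: plugin names and version bounds are taken from the list above;
# the inventory, the fact keys and the QSM version number are constructed.

def vtuple(version):
    """'0.8.9.0' -> (0, 8, 9); trailing zeros dropped so 1.8.1 == 1.8.1.0."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

# plugin -> (last affected version, issue, fixed version)
ADVISORIES = {
    "WP Fastest Cache": ("0.8.9.0", "Unauthenticated Arbitrary File Deletion", "0.8.9.1"),
    "Caldera Forms": ("1.8.1", "Unspecified Security Issue", "1.8.2"),
    "FormCraft": ("1.2.1", "Cross-Site Request Forgery (CSRF)", "1.2.2"),
    "SG Optimizer": ("5.0.12", "Unauthenticated File Upload", "5.0.13"),
}
NO_FIX = {"Quiz And Survey Master": "Authenticated XSS via quiz_id, no fix listed"}

# Conditions the page says must hold for the issue to be reachable.
PRECONDITIONS = {
    "WP Fastest Cache": ["cache_active", "pretty_permalinks",
                         "postratings_installed", "ratable_post_published"],
    "Caldera Forms": ["pro_api_keys_active"],
}

def triage(inventory, facts):
    """Map each advisory-listed plugin in the inventory to (action, detail)."""
    result = {}
    for name, installed in inventory.items():
        if name in NO_FIX:
            result[name] = ("no-fix", NO_FIX[name])
        elif name in ADVISORIES:
            last_bad, issue, fixed = ADVISORIES[name]
            if vtuple(installed) > vtuple(last_bad):
                result[name] = ("ok", f"{installed} is newer than {last_bad}")
                continue
            # An unknown fact counts as true, so missing data never hides exposure.
            reachable = all(facts.get(k, True) for k in PRECONDITIONS.get(name, []))
            action = "update-now" if reachable else "update"
            result[name] = (action, f"{issue}; update to {fixed}")
    return result

SAMPLE_INVENTORY = {"WP Fastest Cache": "0.8.9.0", "Caldera Forms": "1.8.1",
                    "FormCraft": "1.2.1", "SG Optimizer": "5.0.13",
                    "Quiz And Survey Master": "1.0.0", "Hello Dolly": "1.7"}
SAMPLE_FACTS = {"cache_active": True, "pretty_permalinks": True,
                "postratings_installed": False, "pro_api_keys_active": True}
```

Calling `triage(SAMPLE_INVENTORY, SAMPLE_FACTS)` marks a plugin `update` rather than `update-now` when a listed precondition is absent, since the flaw is still present in the installed version.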


OwnWP Community Focus

OwnWP Feature Focus – Live Events

As we have mentioned, our live event attendance has been continually dropping – even with our few regular attendees. At the same time, we often have scheduled speakers who are putting in their time and energy to prepare for and present their presentations.

Low attendance makes it really difficult to attract new speakers and present on more (and new) topics. Not to mention the difficulty it presents in keeping the speakers motivated in wanting to present to our community, coming back, and perhaps most importantly keeping them motivated during the presentations themselves.

We had a unique situation at our last Live Event. At the time of the scheduled event, we had no attendees logged in at all. This was very disappointing. This situation really puts everyone involved in the production of the event in a less than ideal position.

In this case, we suspected this possibility of a no-show and discussed during the preshow what our options might be – reschedule, cancel, etc. Thankfully, this was one of our regular presenters and he was kind enough to simply push his presentation a month and will be presenting the material next month during his next scheduled event.

The bottom line is that everyone’s time is important. This being said, it should not be expected that a presenter conducts a presentation when there is no one there – even if there is a replay planned. This is not to say that pre-recorded presentations are not a possibility, just that going forward the OwnWP Live Events will only be presented if there is at least one attendee present at the event’s scheduled start time.

So, if you are a regular attendee, please do your best to arrive on time, because if you are not there, the presentation will not be conducted.

Affiliate Product of the Week: ScreenFlow

ScreenFlow is a video production tool that may be used for any type of video from home movies to professional video. This product was developed for Mac users but many PC users choose to run Parallels just so they can use this fantastic video production software. It is really that great.

We’ve been using ScreenFlow since we started our business back in 2009. We had also used Camtasia and found that ScreenFlow was just simply more intuitive.

ScreenFlow has changed dramatically over the years and it just keeps getting better and better.

ScreenFlow Discount

ScreenFlow is currently celebrating video makers with a 30% discount off all new license purchases. The deal is only good in the month of March (2019)! After that, you may have to pay their regular price – which in our opinion, is still very much worth the cost.

There is an awesome new feature in ScreenFlow called the Stock Media Library. For an additional $60 a year you gain access to over 500,000 images, audio, video clips and more for use in your ScreenFlow documents. OwnWP has recently added this new feature to our video production arsenal and we have to admit, it is pretty slick!

If you want to learn more about ScreenFlow, register for our next live event. We’ll be getting into all the exciting things that ScreenFlow offers. If you miss the live event, check out our webinar post/replay, or visit the Telestream website.

But right now, there are 2 Ways to Get ScreenFlow:

Use Our Link: Click this link (or the discount image) to get the details, and if you happen to buy, we get a thank you commission – a little to keep this site running for a while and maybe even enough to buy a fancy coffee.

Option 2: With this link, you can still explore the page and make a purchase, but this time we’ll get nothing. But hey, it’s OK. No worries, no guilt trip.

Either way, there’s no obligation to buy or take action – we’re just here to help you… Connect. Network. Thrive!

OwnWP Calendar of Events – Free Registration

Network News Registration

Mondays @ 2 pm Mountain time – Network News followed by our Community Connections

Weekly Webinar Registration

Thursdays @ Noon Mountain time – Weekly Webinar

If you or anyone you know is interested in presenting on OwnWP either as a single, stand-alone presentation or more regularly scheduled event, please contact us.

Presenter Bio: Kerry Carron

Kerry Carron is a loving wife and mother of three grown boys. As a freelancer, Kerry has built hundreds of WordPress websites and assisted other freelancers and small agencies with WordPress support and business development. She is the founder of OwnWP, a production of Ultimate Solution, LLC.

Kerry specializes in processes and creating systems. She is passionate about helping others find their path to success and her aspiration with OwnWP is to encourage other freelancers in finding and using the right combination of tools and skills they need to do more than merely survive!
