Vulnerability in Yoast SEO

Less than 3 days after WordPress core pushed a security update fixing some vulnerabilities comes another security release, this time for the Yoast SEO plugin. We use this plugin on all of our SEO customers' websites, and it is immensely popular among website owners, with over 1 million active installs.

On Tuesday, Panagiotis Vagenas from WordFence Security discovered a security hole in the plugin that would allow a user of any level within WordPress to access the plugin's import and export features. In effect, this could allow a commenter on your site to download your Yoast SEO settings, change a few things and upload new ones.

This security hole is not dangerous to your website; however, it could be used to cause harm to your search rankings and undo months of SEO work on your website.

WordPress 4.5.2 patches security vulnerabilities

Over the weekend the WordPress core team released version 4.5.2 of the popular content management system, fixing 2 security vulnerabilities found in third-party libraries used within WordPress.

The first is a Same-Origin Method Execution in Plupload, the third-party library WordPress uses to handle file uploads. The second is a reflected cross-site scripting vulnerability in MediaElement.js, the third-party library used for media players.

WordPress’s new automatic update feature will apply this update to your site over the next week, as the release is marked medium risk, but if you can’t wait you can manually apply the update from within WordPress under Dashboard > Updates.

Impressive WordPress Stats

WordPress powers one in every four websites you visit online. That’s huge! It’s safe to say WordPress is no longer just a blogging tool – it’s by far the most popular content management system online, and here are the numbers to back it up.

Ever had someone tell you WordPress is just for bloggers? Here are some facts that prove its dominance.

WordPress Powers 25.5% of the Web
WordPress has seen some remarkable growth in recent years and isn’t going to slow down any time soon. WordPress reported 20% of all websites were running the platform just 2 years ago. If that growth trend continues, we will see it reach 30% in 2017.

WordPress Powers 30% of the Top 1000 Websites
If the first stat here didn’t impress you, consider that WordPress is running The New York Times, CNN, TechCrunch and the NFL. 300 of the top 1000 most trafficked sites on the Internet are running on top of WordPress.

There Have Been 144 Versions of WordPress
Volunteers all over the world contribute to WordPress, ensuring it is regularly updated and secure. WordPress 4.4 alone had over 471 people contribute code.

WordPress is Available in 57 Languages
WordPress can deliver your content to visitors worldwide. If English isn’t your native language, you can download WordPress in Bengali, Danish, Esperanto, and Icelandic, just to name a few.

There are Over 42,000 Plugins
And that is just the free plugins on WordPress.org. There are even more premium plugins on CodeCanyon, WooThemes and other sites.

WordPress Developers Earn $50 an Hour
In Matt Mullenweg’s 2012 State of the Word he announced that there are over 6,800 self-employed people developing websites on WordPress and charging an average of $50. The 2014 State of the Word showed that a quarter of these people make a full-time living off the CMS.

18 New WordPress Posts Every Second
In an average month on WordPress.com and self-hosted sites with the Jetpack plugin installed there are 53.1 million new blog posts. That is 1.7 million new posts every day and over 1000 a minute. Totalled up, these blogs produce 43.5 million comments every month.

WordPress Calypso

So first of all let’s clear something up. Calypso is not replacing WordPress.org admin anytime soon.

There are a number of reasons for this, but the main one is that most hosts are not ready for it. Calypso is built using server-side technologies called Node.js and React, and the simple fact is almost every shared host out there doesn’t support these. Instead, the guys over at WordPress.com have built support into their Jetpack plugin and are allowing you to manage your self-hosted WordPress site from within WordPress.com.

This is all done via the REST API that Jetpack adds to your self-hosted WordPress.org site, and in fact this is exactly what is happening with WordPress.com sites. WordPress is still PHP and MySQL, and that will not change.

Now that is cleared up, why do we need this new UI? This is not something that is needed. After I played around with this for over a day, including writing a few posts across a number of sites, I can say it is basic. Something an everyday user with no technical skill will love, but for me, I found it limiting.

This simplicity is clear in the layout of the whole interface and is perfect for a WordPress.com user. Forcing this on self-hosted WordPress.org users is oversimplifying WordPress for a lot of advanced users. Personally, this is something I can see myself setting up for a client to update their website via, and not something I will be using. Which brings me to my last point: it is always possible to get back to the old UI simply by logging in on your domain and not WordPress.com.

WordPress 2.7 is Here

WordPress 2.7 has been out since 11 December. I sadly couldn’t get to a computer to write a post until now, but here it is.

There have been some major changes to the back-end admin page design and some new keyboard shortcuts.

Plus 2.7 also allows comments to be split into pages and threaded.

WordPress 2.7 makes it even easier to upgrade, with built-in core updates similar to the plugin updater in 2.6.

The guys at Automattic put a video together showing some of the changes.