Andrew Nacin, lead developer of WordPress, just finished a talk at Loopconf, where he talked about a series of related WordPress security fixes that spanned two years, with the final fix included into WordPress core under the guise of Emoji support.
No strict mode on WordPress databases
At a base level, the problems originated in that WordPress did not enable strict mode for MySQL. If
STRICT_ALL_TABLEShas been enabled, the security vulnerability that was addressed in WordPress 4.2 would not exist.Without strict mode, MySQL allows more flexible inputs, and doesn’t require the same level of precision in what it allows. For example, a long username would just truncate to the maximum allowed characters, versus be rejected.
Since MySQL can do strange things without strict mode enabled, there are obscure but significant ways for hackers to take advantage.
Icegram: WordPress Exit Intent
Icegram is the best WordPress plugin for optin forms, newsletter subscription,
call to action and visitor engagement.
WordPress: Why use a Child Theme?
A child theme is a theme that inherits the functionality and styling of another theme, called the parent theme. Child themes are the recommended way of modifying an existing theme.
A child theme consists of at least one directory (the child theme directory) and two files (style.css and functions.php), which you will need to create:
- The child theme directory
- style.css
- functions.php
Chris Lema: WordPress Memberships
Are you trying to build a membership site with WordPress?