Whether you’re launching a business site, an online store, or a hobby blog, WordPress offers flexibility, ease of use, and advanced functionality that will help make it a smashing success.
But before you’re ready to go live, spend a few minutes thinking about security. Protect your site as much as possible to keep it safe from hackers and working for fans and customers at all times.
Continue reading → WordPress Security for Beginners
During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.
If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). It can only be exploited if the classic-editor plugin is also installed and activated on the site.
Successfully exploiting the CSRF & Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site.
We reported the vulnerabilities to this plugin’s author via email, and they recently released version 0.9.5 to address them. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.
Continue reading → Multiple vulnerabilities in WP Fastest Cache plugin
Over the last decade, video has become an integral part of successful business strategy. It’s no longer enough to have video on your site to stand out; it’s essential to have it woven throughout the customer experience to drive traffic, generate leads, boost engagement, and increase sales.
Despite the ubiquity of video, the available solutions for WordPress are often lackluster. Ads can ruin the moment, presenting irrelevant content and increasing site abandonment. On top of that, there are challenges with integrating technology and self-hosting video.
That’s why we’re excited to present Jetpack VideoPress.
Continue reading → Announcing Jetpack VideoPress: Ad-free, HD video for WordPress
Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.
Continue reading → Jetpack 10.2: Get More Widget Visibility Controls
The Jetpack plugin is an all-in-one solution for WordPress sites with free and premium features that boost performance, security, marketing, design, and publishing. It’s developed and maintained by Automattic — the people behind WordPress.com.
It integrates seamlessly with WordPress, saving you the hassle that comes with dozens of standalone plugins. But, at the same time, it allows you to enable only the features you need, keeping your site management process simple.
Let’s take a more in-depth look at some of the functionality included with Jetpack.
Continue reading → What is the Jetpack plugin?
When it comes to running a WooCommerce store, a secure checkout process is one of the most critical elements. While every step in the buyer’s journey is important, protecting your data and your customers’ personal details is absolutely essential. Keeping credit card numbers and other sensitive information shielded from hackers or other data breaches should be every store owner’s number one priority.
Here are ten ways to ensure a safe and secure WooCommerce checkout experience:
Continue reading → Ten Steps for a Secure WooCommerce Checkout Experience
You don’t have an SEO strategy unless you have a website performance strategy to go along with it. With each passing Google update, the skill and attention required to consistently rank highly are refined.
Google is now beginning to roll out ‘page experience’ as one of their ranking factors. Note that page experience is related to, but distinct from, user experience. Google has released a good amount of documentation explaining the specific website performance metrics they’ll be looking for.
While this update won’t be a drastic change, it will require your website to deliver a page experience that involves more than just speed. Page speed is important, but it’s also too broad of a metric to be very helpful.
Google’s three new site performance metrics (called Core Web Vitals) measure the tangible visitor experience on each page.
Don’t have time to learn about Core Web Vitals? Trust us and install our free plugin Jetpack Boost.
Continue reading → Three Site Performance Metrics That Impact SEO
Versions before 4.5.1 of the Software License Manager plugin for WordPress have an exploitable Cross-Site Request Forgery (CSRF) vulnerability. Any user logged in to a site with the vulnerable extension can, by clicking a link, be tricked to delete an entry in the plugin’s registered domain database table. The link can be distributed in an email, or on a website the victim user is likely to visit.
The good news is, there’s not much else that can be done by exploiting this weakness. And the attacker needs to know the id of the domain they wish to delete from the database beforehand.
Still, we recommend anybody running version 4.5.0 or earlier of the plugin to upgrade as soon as possible.
Continue reading → CSRF Vulnerability Found in Software License Manager Plugin
We’re thrilled to announce that Jetpack has acquired Social Image Generator, a WordPress plugin founded by Daniel Post.
Social Image Generator automatically creates social share images for your content, saving hours of tedious work. It creates images for all major social networks including Facebook, Twitter, LinkedIn, Pinterest, VK, WhatsApp, iMessage, and Reddit. Simply share your content as you normally would, and the images will automatically appear.
Continue reading → Jetpack Acquires WordPress Plugin Social Image Generator
A new month has arrived along with a shiny new version of Jetpack that provides an enhanced experience for you and your site visitors.
Continue reading → Jetpack 10.1: Customize Search in Block Editor
