How to Restore or Reset Your WordPress Password

Posted on January 20, 2022 by Simon Keating

Not being able to log into the backend of your WordPress website can be a nerve-racking experience, whether you can’t remember your password or no longer have access to your recovery email address. 

Fortunately, there are different methods that you can use to change, reset, or recover your WordPress password. In this article, we’ll explain the importance of strong password security and the difference between changing and resetting it. Then we’ll share eight methods you can use to restore or reset your WordPress password and offer some additional security tips. Let’s get started!

Continue reading → How to Restore or Reset Your WordPress Password
Posted in Security | Comments Off on How to Restore or Reset Your WordPress Password

Backdoor Found in Themes and Plugins from AccessPress Themes

Posted on January 18, 2022 by Harald Eilertsen

While investigating a compromised site we discovered some suspicious code in a theme by AccessPress Themes (aka Access Keys), a vendor with a large number of popular themes and plugins. On further investigation, we found that all the themes and most plugins from the vendor contained this suspicious code, but only if downloaded from their own website. The same extensions were fine if downloaded or installed directly from the WordPress.org directory.

Due to the way the extensions were compromised, we suspected an external attacker had breached the website of AccessPress Themes in an attempt to use their extensions to infect further sites.

We contacted the vendor immediately, but at first we did not receive a response. After escalating it to the WordPress.org plugin team, our suspicions were confirmed. AccessPress Themes websites were breached in the first half of September 2021, and the extensions available for download on their site were injected with a backdoor.

Once we had established a channel for communicating with the vendor, we shared our detailed findings with them. They immediately removed the offending extensions from their website.

Most of the plugins have since been updated, and known clean versions are listed towards the bottom of this post. However, the affected themes have not been updated, and are pulled from the WordPress.org theme repository. If you have any of the themes listed towards the bottom of this post installed on your site, we recommend migrating to a new theme as soon as possible.

This disclosure concerns a large number of extensions, both plugins and themes. Skip to the list below, or read on for the details.

Continue reading → Backdoor Found in Themes and Plugins from AccessPress Themes
Posted in Vulnerabilities | Tagged , | Comments Off on Backdoor Found in Themes and Plugins from AccessPress Themes

How to Check and Update Your WordPress Site’s PHP Version

Posted on January 12, 2022 by Simon Keating

PHP is an essential part of any WordPress website. For this reason, you want to make sure it’s running as smoothly as possible. But knowing the best way to navigate this process isn’t always easy.

The good news is that we’re here to help. By understanding the principles behind PHP and the process of updating it, you can maintain this core element of your site.

In this article, we’ll introduce you to PHP and explain why it’s important. Then we’ll show you how to safely check, update, and upgrade your PHP version on three different web hosts. 

Continue reading → How to Check and Update Your WordPress Site’s PHP Version
Posted in Security | Leave a comment

Jetpack 10.5: New features and under-the-hood improvements

Posted on January 11, 2022 by Sami Falah

The new year comes with a shiny new Jetpack. This month, we’re shipping new features for VideoPress, as well as other under-the-hood improvements and bug fixes to create a better Jetpack experience for you and your site.

Continue reading → Jetpack 10.5: New features and under-the-hood improvements
Posted in Features, Jetpack News, Releases | Tagged , , | Leave a comment

How to Remove Your Site from Google’s Blacklist

Posted on January 6, 2022 by Simon Keating

You put a lot of work into your website, creating great content, engaging with your community, and maybe even listing products. But, one day, you start to notice that it’s not showing up on Google anymore. And one of your followers or customers mentions that they see a scary red warning when they type in your URL. What’s happening?

Well, your site may have ended up on Google’s blacklist, a scenario that can definitely be confusing and stressful. But don’t panic! We have all the information you need to understand if you’re on the blacklist, why your site was flagged, how to get back to normal, and how to prevent this from ever happening again.

Note: to encourage inclusivity, Jetpack has decided to use the term “blocklist” instead of “blacklist” throughout the rest of this article. 

Continue reading → How to Remove Your Site from Google’s Blacklist
Posted in Security | Leave a comment

How to Move a WordPress Site from Localhost to a Live Site

Posted on December 29, 2021 by Rob Pugh

It’s common practice for WordPress developers to create websites on a localhost, which is a local server hosted on their personal computer or laptop. Developing websites locally has a lot of advantages over a live server, but once site development is complete, it needs to be moved to a live website and made publicly accessible.

If you’re relatively new to website development, moving a WordPress website from localhost to a live website will require a bit of extra learning. The process can be quite involved and take some time if you do it manually. 

While a plugin is the easiest solution for migration, you may run into some issues if your site is particularly large or if there are any conflicts between the local and live environments. So, in some cases, a manual migration is still the best option.

Continue reading → How to Move a WordPress Site from Localhost to a Live Site
Posted in Learn | Leave a comment

Why You Should Avoid Using Nulled Plugins and Themes

Posted on December 23, 2021 by Simon Keating

It’s a general rule that if something seems too good to be true, it probably is. That’s especially true when it comes to nulled themes and plugins for WordPress sites. What can seem like a great deal on software can damage your website and result in more problems and costs than any potential savings. For safety and security, it’s important to be able to identify and avoid nulled software.

Continue reading → Why You Should Avoid Using Nulled Plugins and Themes
Posted in Security | Tagged | Leave a comment

Benefits of Using a Backup Plugin vs a Hosting-level Backup

Posted on December 16, 2021 by Simon Keating

Are you trying to find the perfect backup solution for your WordPress website? Then you’ve probably already discovered that not all backups are created equal and there are many options to choose from. It’s hard not to stress about this choice when it seems like your site’s safety depends on it. 

While you can opt for backing up your site manually, this is very time consuming and can be prone to human error due to all the technical details involved. It can also be very impractical if you’re running a site with dynamic content that changes on a daily or even hourly basis. Using an automated method of backing up your WordPress site will not only save you time and money, but will likely give you more consistent, reliable backups. 

In this post, we’re going to explore why backups are so important. Then we’ll discuss the pros and cons of two automated backup options — backup plugins and hosting-level backups — and explain why using a backup plugin is almost always the best choice. Let’s get started! 

Continue reading → Benefits of Using a Backup Plugin vs a Hosting-level Backup
Posted in Security | Leave a comment

Severe Vulnerabilities Fixed in All In One SEO Plugin Version 4.1.5.3

Posted on December 14, 2021 by Marc Montpas

During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug.

If exploited, the SQL Injection vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).

The Privilege Escalation bug we discovered may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.

We reported the vulnerabilities to the plugin’s author via email, and they recently released version 4.1.5.3 to address them. We strongly recommend that you update to the latest plugin version and have an established security solution on your site, such as Jetpack Security.

Continue reading → Severe Vulnerabilities Fixed in All In One SEO Plugin Version 4.1.5.3
Posted in Vulnerabilities | Leave a comment

Complete, Incremental, and Differential Backups: What’s Best?

Posted on December 10, 2021 by Rob Pugh

There are many things that can go wrong with your website, from a hack to unplanned downtime. If an incident occurs, it’s vital to have a backup of your site’s files so you can restore to an earlier version. However, it’s important to choose the right kind of backup.

The good news is that, once you understand each of the options, narrowing down your decision becomes significantly easier. Familiarizing yourself with the pros and cons of the available solutions will better position you to choose the right one for your specific needs. 

Continue reading → Complete, Incremental, and Differential Backups: What’s Best?
Posted in Security | Leave a comment

  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 110,311 other followers

  • Browse by topic