WordPress 4.6.1 is more secure than earlier versions.

WordPress has proved to be the most popular Content Management System (CMS) in the world. Nearly 26% of the web is powered by WordPress, as of March 2016. Because it is one of the most widely used CMSs, it is a broad target, and site data is exposed to security risks. The WordPress community is one of the most active communities and offers continuous support. When it comes to security, you can secure your WordPress website with the plugins developed by the community.

In a recent announcement, WordPress released the 4.6.1 update, which focuses on improving data security, and urged everyone to update their sites immediately to avoid a security breach. The main reason for this update is that versions 4.6 and earlier were affected by two security issues:

  • Path traversal vulnerability
  • Cross-site scripting vulnerability

Version Release Details:

Reported by Dominik Schilling, the path traversal vulnerability was in the update package uploader. He is a member of the WordPress security team and led the WordPress 4.6 development. This flaw paves the way for attackers to gain unauthorized access to restricted directories and files using an HTTP exploit. The second is a cross-site scripting vulnerability in image filenames, reported by Cengiz Han Sahin, a SumOfPwn researcher. Using this flaw, attackers can inject malicious JavaScript code into the software through a crafted image file. Many bug hunters and security researchers of various levels of expertise gathered for a big bug hunting session to make WordPress more secure by identifying security issues and patching them.

WordPress has patched these vulnerabilities in this release, which makes it more secure than 4.6 and earlier versions. The release includes not only the security patches but also 15 other bug fixes for WordPress 4.6. The bug fixes cover the strange behavior of backspace, email server setup, an RTL problem, plugin install infinite loop errors and more. Get the complete list of fixes from the Core.

Is this update necessary?

Updates are mandatory because they carry bug fixes. WordPress is considered to be the world's most popular CMS, and it is open source, which means the code is freely available. Attackers can plan an attack for various reasons using loopholes in the base code. The WordPress team stays on top of this by continually monitoring and altering the code to make it secure. WordPress 4.6.1 is one such update, as it carries two security patches along with 15 other bug fixes. Once updated to 4.6.1, WordPress websites are protected against these vulnerabilities.

Who are the contributors?

WordPress has also listed the contributors to this version: Hulse, Robert D Payne, Drew Jaynes, Marius L. J. (Clorith), Felix Arntz, Fredrik Forsmo, Gary Pendergast, Ian Dunn, Ionut Stanciu, Jeremy Felt, Joe McGill, Pascal Birchler, Sergey Biryukov, geminorum, and Triet Minyy.

How To Update?

Log in to your dashboard and click “Update Now” from the Updates menu, or download WordPress 4.6.1. Sites that support automatic background updates have already begun to update to the newer WordPress version.


Few good Tricks To Improve Your WordPress Theme


In WordPress, themes play a vital part in making a site look unique and impressive. For that reason, there are thousands of themes available for users to choose from and download, offered either for free or for a premium. However, did you know that all these themes can be tweaked further to get better optimization, features or customization?

Let's have a look at a few simple yet effective tweaks that can be made to your WordPress themes to offer a better and safer experience to your website visitors.

Theme Images

Images are a primary part of most themes; they are in the logos, the backgrounds, the icons and so on. However, WordPress theme developers sometimes fail to realize that their high resolution/high quality images are actually doing more harm than good to the theme's users.

How? A high resolution image may make the theme look very pretty and alluring, but it also drastically increases the load time of the image. When we consider that there are multiple images within a webpage, we can see how greatly they affect the total load time and bandwidth consumption, resulting in a very slow website altogether, which we don't want.

Hence, by optimizing these images we can ensure a better web experience for our website users. To do that we need to use photo editing tools (for example “Photoshop”) and reduce the image's resolution through the quality settings. Lowering the resolution to the point just before the image starts to lose color or quality is your sweet spot. Also, some tools offer options to reduce the image file size without making much change to the image's quality.

This should effectively speed up the theme.


PHP Flush

Like the step above, the purpose of this function is to make your WordPress blog load faster. A PHP flush should be added immediately after the header; this forces the server to send the header content before the rest of the website.

<?php flush(); ?>

This gives the browser time to load the stylesheets referenced in the header while it is waiting for the other contents of the webpage to load.

Favicon

A favicon makes your website look professional. But what is a favicon? It is the icon that you see in the browser's address bar. Some themes do not come with one by default; in order to add one you can do the following.

<link rel="icon" href="favicon.ico" type="image/x-icon" />

The “href” refers to the favicon file. Adding this code within the header.php found inside the theme’s directory should get your icon up on the bar.

Theme Security

Hackers and other malicious users can take advantage of weaknesses within a specific version of WordPress to attack your website. What makes it ironic is that your WordPress version is displayed right in the page header.

So, what do you do? There are a few steps you can take to protect your website by removing the displayed version number altogether. The generator code is placed within the <head> tags of the theme.

Step 1
•   Check if the following line is present in header.php: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
•   If yes, then remove it, as it prints the version number in the <meta> tag.

Step 2
•   Now, in functions.php (you can create one with a source code editor if it does not exist), paste the following: <?php remove_action('wp_head', 'wp_generator'); ?>
•   This ensures that the version number won't be available through wp_head().
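
A way to confirm the result of the two steps, as an added example that is not part of the original article: the Python check below scans a rendered page for the generator tag and also for ?ver= query strings, which WordPress appends to scripts and styles enqueued without a version of their own and which the steps above do not remove. The function name and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _LeakFinder(HTMLParser):
    """Collects places where rendered HTML discloses a version string."""
    def __init__(self):
        super().__init__()
        self.generator = None      # content of <meta name="generator">
        self.asset_versions = {}   # ver value -> number of assets carrying it

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        # Only stylesheet links and script sources are treated as assets.
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        m = re.search(r"[?&]ver=([0-9][0-9.]*)", url or "")
        if m:
            self.asset_versions[m.group(1)] = self.asset_versions.get(m.group(1), 0) + 1

def audit_version_disclosure(html):
    """Return a list of findings for one rendered page (empty list = clean)."""
    finder = _LeakFinder()
    finder.feed(html)
    findings = []
    if finder.generator:
        findings.append("generator meta tag: " + finder.generator)
    for ver, count in sorted(finder.asset_versions.items()):
        findings.append("ver=%s on %d asset URL(s)" % (ver, count))
    return findings

# Constructed sample pages, not captured from a real site.
BEFORE = """<head>
<meta name="generator" content="WordPress 4.6.1" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.6.1" />
<script src="/wp-includes/js/wp-embed.min.js?ver=4.6.1"></script>
</head>"""
# Same page once the generator line is gone (the effect of steps 1 and 2).
AFTER_STEP_2 = BEFORE.replace('<meta name="generator" content="WordPress 4.6.1" />\n', "")

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after step 2", AFTER_STEP_2)):
        print(label, audit_version_disclosure(page))
```

Run it against the saved HTML of your own front page after changing the theme; plugin and theme assets carry their own version numbers, so compare each reported value with your WordPress version.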

Login Errors

Hiding your login errors is another way of protecting your site. The reason is that when a person types in a wrong password or a wrong username, the error message reveals the exact type of error to the user.
That is, when someone types in a wrong username, the message says so, giving a potential hacker confirmed feedback. And when only the password is wrong, it states that too, confirming to them that the username is valid, so that only the password remains to be found.

So, to remove this – add the following line under functions.php.

// create_function() was removed in PHP 8.0, so the callback is written as a closure
add_filter('login_errors', function ($a) { return null; });
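
The check below, added here as an example and not taken from the original article, compares the error shown for an unknown username with the one shown for a wrong password and reports whether a visitor can tell the two cases apart. The function names and the sample responses are constructed for illustration.

```python
import re

def login_error_text(html):
    """Text inside <div id="login_error">, with tags stripped, or "" if absent."""
    m = re.search(r'<div id="login_error">(.*?)</div>', html, re.S)
    if not m:
        return ""
    text = re.sub(r"<[^>]+>", "", m.group(1))
    return " ".join(text.split())

def audit_login_errors(username, unknown_user_page, wrong_password_page):
    """Return findings showing how the failure pages help confirm a username."""
    unknown = login_error_text(unknown_user_page)
    wrong_pw = login_error_text(wrong_password_page)
    findings = []
    if unknown != wrong_pw:
        findings.append("messages differ between unknown user and wrong password")
    if username.lower() in wrong_pw.lower():
        findings.append("wrong-password message echoes the username")
    return findings

# Constructed responses modelled on the behaviour the text describes.
DEFAULT_UNKNOWN = '<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>'
DEFAULT_WRONG_PW = ('<div id="login_error"><strong>ERROR</strong>: The password you '
                    'entered for the username <strong>editor</strong> is incorrect.</div>')
# With the login_errors filter returning null, the message is empty in both cases.
FILTERED = '<div id="login_error"></div>'

if __name__ == "__main__":
    print("default :", audit_login_errors("editor", DEFAULT_UNKNOWN, DEFAULT_WRONG_PW))
    print("filtered:", audit_login_errors("editor", FILTERED, FILTERED))
```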

Making these minor changes to your WordPress theme will ensure that it is better optimized for a safer and faster browsing experience.

WordPress vs. Magento: Which Ecommerce Platform is Better For Your Website?

If you are thinking about opening a new ecommerce website, or if you are advising someone who is planning to build one, then the very first step is to make a wise decision on which ecommerce platform should be used.

Before choosing the best ecommerce platform for your ecommerce website, there are a few basic things that you need to keep in mind.

As both ecommerce platforms have the same functionality, it is very important for you to keep their backgrounds in mind.

WordPress:

WordPress is a free and open source blogging platform created by Matt Mullenweg and Mike Little. It is a hugely popular content management system (CMS) based on PHP and MySQL. It is the single largest ecommerce platform used for content creation. Compared with other platforms, more blog posts are written on WordPress websites, such as the WordPress.org and WordPress.com platforms.

Plugin architecture is one of its most popular features, enabling developers to extend its abilities beyond the core installation. WordPress has a huge database of more than 26,000 plugins; each plugin offers custom features and functions that enable developers to build websites based on their specific requirements.

Magento:

Magento, on the other hand, is an open source ecommerce web application developed by Varien with help from developers within the open source community. Magento started as open source software, so it was relatively easy to launch, and it then grew rapidly to the point that there is actually more money spent on Magento-based websites all around the globe. That is definitely part of why eBay bought Magento.

Similar to WordPress being a blogging platform that moved into ecommerce, Magento is also an ecommerce platform that added blogging as a plug-in.

So, which ecommerce platform is best?

There is never a perfect solution for any problem, but if you understand the background of the two ecommerce platforms, you will be able to make the right decision on which one is best suited to your ecommerce website.

You may want to build a website that is going to be strictly an ecommerce play, possibly with a blog attached just to enhance the website for good visibility, search engine optimization and user engagement.

Or, you may want to create a website that is going to be a collection of blogs, posts, customer interactions and so on, with an ecommerce element attached in the hope of selling products that are directly tied to the content that is created.

Based on your requirements, you need to choose the best ecommerce platform. For a pure ecommerce website, Magento may be the best option. If your website is more of a content play, then WordPress may be the way to go.