Unplug Those High Risk WordPress Plugins!

WordPress is a free and open source blogging tool based on PHP and MySQL that has evolved into a full content management system (CMS) with a plug-in architecture and a template system that extends its power and functions beyond basic expectations.

Because of its open source nature, one of the greatest benefits WordPress users enjoy is that hundreds of people all over the world are free to use it, work on it, and develop other products based on it that get plowed back into the WordPress marketplace and community. This has resulted in tens of thousands of plugins and themes flooding the market today. However, this freedom has also made WordPress a popular target for attacks, especially 3rd party plugins that fail to go through or pass coding standards and security guidance or requirements, making it vulnerable to hackers and malicious mass infections.

In recent research conducted by Checkmarx, a security solutions provider that uses automated code analysis, more than 20% of the most popular WordPress plugins were found to be vulnerable to web attacks.

According to the Report:

20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks. This amounts to nearly 8 million downloads of vulnerable plugins.

  • these plugins are vulnerable to: SQL Injection (SQLi), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Path Traversal (PT).

7 out of top 10 most popular e-commerce plugins are vulnerable to common Web attacks. This amounts to more than 1.7 million downloads of vulnerable e-commerce plugins.

There is no correlation between the number of Lines of Code (LOC) and the vulnerability level of the plugins.

  • Smaller code does not necessarily mean safer code. On the contrary – some plugins that included only a few thousand lines of code contained more types of vulnerabilities than plugins containing tens of thousands of lines of code.

Vulnerable top 50 general plugin types vary.

  • e-commerce, feed aggregators, APIs, social network linking

Only six plugins were completely fixed in a 6-month time period – although all plugins updated their versions during this time.

  • A first scan run in January 2013 showed a higher rate of vulnerable plugins, where more than a third (18 out of 50) of the plugins were vulnerable. In total, this meant that nearly 18.5 million vulnerable plugins were downloaded. Vulnerabilities in that first scan also presented the existence of RFI/LFI vulnerabilities.

Recommendations

WordPress plugin vulnerabilities affect three major parties: the web admins, the plugin developers, and WordPress itself. Below are some of the recommendations stated in the report.

For Web Admins

  • Download plugins only from reputable sources. For WordPress, this means WordPress.org
  • Verify the security posture of the plugin by scanning it for security issues
  • Ensure all your plugins are up to date
  • Remove any unused plugins

For Plugin Developers

  • Integrate security within the plugin development
  • Run the plugin through a code scanner to ensure that it stands up to a security standard
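What "integrating security within the plugin development" looks like for the four vulnerability classes the report names (SQLi, XSS, CSRF, path traversal), as an added example written for this page rather than code from the report or from any real plugin. It assumes a hypothetical `demo_notes` table and a `templates/` directory inside the plugin folder; each hardened function is preceded by a comment showing the weak pattern it replaces.

```php
<?php
/*
 * Plugin Name: Demo Notes (hardened example)
 * Description: Assumed table {$wpdb->prefix}demo_notes (id, title, body) and a templates/ directory.
 */

// --- SQL Injection: never splice request input into SQL; let $wpdb->prepare() quote it.
function demo_notes_find_by_title( $title ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_notes';
    // Weak form (do not use): "SELECT * FROM $table WHERE title = '" . $_GET['title'] . "'"
    $sql = $wpdb->prepare( "SELECT id, title, body FROM {$table} WHERE title = %s", $title );
    return $wpdb->get_results( $sql );
}

// --- Cross Site Scripting: escape at output time with the escaper that matches the context.
function demo_notes_render( $note ) {
    // Weak form (do not use): echo '<h2>' . $note->title . '</h2>';
    echo '<h2>' . esc_html( $note->title ) . '</h2>';
    echo '<a href="' . esc_url( add_query_arg( 'note', absint( $note->id ) ) ) . '">permalink</a>';
    // Body is author-supplied HTML: allow only the post-safe tag set, nothing else.
    echo '<div data-note="' . esc_attr( $note->id ) . '">' . wp_kses_post( $note->body ) . '</div>';
}

// --- Cross Site Request Forgery: state-changing handlers require a nonce and a capability check.
function demo_notes_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'demo_notes_save', 'demo_notes_nonce' );
    echo '<input type="hidden" name="action" value="demo_notes_save">';
    echo '<input name="title"><textarea name="body"></textarea><button>Save</button></form>';
}

function demo_notes_save() {
    // Weak form (do not use): $wpdb->insert() straight from $_POST with no nonce or capability check.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_notes_save', 'demo_notes_nonce' ); // dies on a missing or bad nonce
    global $wpdb;
    $wpdb->insert(
        $wpdb->prefix . 'demo_notes',
        array(
            'title' => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
            'body'  => wp_kses_post( wp_unslash( $_POST['body'] ?? '' ) ),
        ),
        array( '%s', '%s' )
    );
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_demo_notes_save', 'demo_notes_save' );

// --- Path Traversal: resolve the requested name and confirm it still lies inside the allowed directory.
function demo_notes_template_path( $name ) {
    $base = realpath( plugin_dir_path( __FILE__ ) . 'templates' );
    // Weak form (do not use): include plugin_dir_path( __FILE__ ) . 'templates/' . $_GET['tpl'];
    $candidate = realpath( $base . '/' . sanitize_file_name( $name ) . '.php' );
    if ( false === $candidate || strpos( $candidate, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return false; // file missing, or resolved to a path outside templates/
    }
    return $candidate;
}
```

The realpath() prefix check is the part that holds even if sanitize_file_name() is bypassed or replaced, so keep it regardless of which sanitiser the plugin uses.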

SMBs or simple home-based businesses that do not have a built-in or sophisticated IT department to go through all these checks and balances run a high risk because of the great deal of trust they place in available 3rd party plugins (especially the free ones). Web administrators need to be more discerning and thorough in their research before installing any plugins on the sites they manage. Plugin developers need to be self-governed and abide by secure coding best practices. As each one does his part, the whole WordPress community stands to benefit in the end.


Around the WordPress Neighborhood

The WordPress community is comprised of people from all over the world – developers, designers, experts, users, writers, volunteers, and everyone else no matter what skill level they are at – movers and shakers who collaborate and contribute to enrich this ecosystem we belong to. We enhance our own knowledge and grow and improve by learning from one another and by opening ourselves to different perspectives and different points of views.

Here’s a roundup of useful articles from contributors in and around the WordPress community that we think you will find useful.

A Conversation with Om – by Siobhan McKeown

Siobhan McKeown is in search of WordPress users to feature in her book about WordPress and blogging and Om Malik is one of the people on her list. She shares Om’s blogging journey and how it has evolved since the early days. Siobhan McKeown is editor in chief at WP Realm and runs Words for WP, a copywriting service dedicated to WordPress service providers.

Contributing To WordPress – by Siobhan McKeown

If you have been wanting to be more involved in the WordPress community but didn’t know how or where to start, this article opens up the doors to how you can take part. This article shares why you should get involved and enumerates the many ways you can contribute, no matter what your skill set may be. Find out where you can plug your self in and be a proactive member of this dynamic community.

The Future of UI – How Mobile Design Is Shaping The Web – by Sarah Cannon

In this slideshare presentation, Sarah Cannon shares valuable insights on how smart mobile devices have impacted the web. She discusses the influence of mobile on design, trends, and implementation methods, as well as how touch is changing our lives. She also touches on topics such as HiDPI graphics, UI/UX patterns, touch target sizes, gestures, and managing expectations. All the while not losing track of what’s important: Content.

5 Ways to Support High-Density Retina Displays – by Craig Buckler (SitePoint)

In this article, Craig Buckler gives a quick rundown on how to support high retina displays. As hardware manufacturers move towards HD Retina Displays in all sorts of devices, Craig Buckler gives some practical advice on how to manage images and resolution. Craig Buckler is a Director of OptimalWorks, a UK Consultancy dedicated to building award winning websites.

What is a WordPress Child Theme – WPBeginner

This article published by WPBeginner is a very good and solid introduction to understanding how WordPress Child Themes work. It explains in detail what a WordPress Child theme is, its use, its advantages and disadvantages, and what to look for as far as picking a good parent theme. WPBeginner is a free WordPress resource site that provides tips, tricks, hacks, tutorials, and other WordPress resources geared towards WordPress beginners.

Business and Solutions – by Thomas Griffin

If you are a WordPress developer, author, or designer, read Thomas Griffin’s insights regarding how the WordPress marketplace is affecting developers like him. Read about his thoughts regarding Avada, Envato, and Genesis and his shift from being a developer into a marketer. Thomas Griffin is an expert WordPress developer, creator of hundreds of themes and plugins, WordCamp speaker, and a valuable contributor to WordPress products.

Redefining My Website – by Brian Gardner

Brian Gardner is well-known in the WordPress community and is the man behind StudioPress and the popular Genesis Framework. He has released several WordPress child theme designs that are currently being used in and around the WordPress community. Read on about his current website redesign and glean insights from his creative journey.

Owning Your Content – A WordPress User’s Guide – Alex Denning (WPShout)

Interesting read about protecting and “owning” your content on the web as Alex Denning shares about protecting images, licensing content, and how social networking sites such as Instagram, Pinterest, and Facebook impact how your images and content are treated. Alex Denning started WPShout around 4 years ago as a collection of WordPress tutorials.

Finely Tuned Consultant – Aaron Campbell (WPEngine Interview)

WordPress professionals will glean a lot and learn valuable lessons and insights from WordPress Consultant Aaron Campbell in this interview published by WPEngine. Aaron shares his experiences as a WordPress professional and how he deals with the challenges faced by every WordPress consultant on the job. You can find more of Aaron Campbell’s work at Ran.ge

Migrating a Website to WordPress Is Easier Than You Think – Jonathan Wold

If you are a WordPress beginner and you want to migrate an existing website to WordPress, this article gives you basic and concrete steps you can take to accomplish this. From evaluation, to set up, to importing content, to the actual migration and publishing, Jonathan Wold guides you through each process using instructions, code, video, and images. Jonathan Wold is a full-time business consultant and WordPress developer specializing in basic and advanced WordPress migrations.


Best BuddyPress Themes May 2013

BuddyPress is an open source social networking software package owned by Automattic – essentially, a plugin that can be installed on WordPress to transform it into a social network platform. If you are considering upping the ante on your blog by being more socially connected, here are some of the best BuddyPress themes you can check out:

Flix BuddyPress Ready Team Blogging

Flix is a powerful and flexible community blogging theme for WordPress that you can use to start your own community in no time. This theme includes BuddyPress and bbPress as part of its many superb features. It also includes a SmartTab system where you can put authors in the spotlight. Easily order the front page by posts from a specific author or a specific category without reloading the page. The team blogging feature is perfect for both small and big blogs that have multiple contributors. This responsive theme is also whitelabel enabled, which means you can easily customize the theme to suit your business brand.

OneCommunity BuddyPress Theme

OneCommunity theme is a responsive WPMU compatible theme integrated with a BuddyPress plugin. This plugin allows users to register on your site and start creating profiles, posting messages, making connections, creating and interacting in groups and much more. This theme is a social network in a box where you can build a social network for your company, school, sports team or niche community. The theme includes over 40 inner pages to manage profiles, activities, messages, group messages, invitations, subscriptions, and forums of both members and groups.

Razor

Razor is a responsive and clean, professional looking BuddyPress theme for WordPress. Built on a responsive layout structure and supporting Retina (HiDPI) enabled devices, this theme is packed with powerful modern features and the advanced controls such as Drag and Drop Layout Manager, Contact Form Builder, White Label Admin, Sidebar Manager and so much more. Building websites, communities, social networks is a breeze with this amazing looking theme. The possibilities are endless.

Social Buddy

Social Buddy is a responsive, flexible, BuddyPress and BBPress integrated community WordPress theme that is perfect for niche communities and social networks. Its fully fluid responsive design makes it work beautifully on mobile devices. This theme includes extensive documentation and an intuitive options panel making setup and customization a breeze. Theme support is excellent and top notch.


Reinventing Traditional Media

Traditional Media is dead, Long Live New Media! Well, not entirely so. In fact, the “marriage” of both could result in a more powerful tool to reaching a specific target market IF Traditional Media “reinvents” itself.

Young and adventurous entrepreneurs capitalizing on technological skill and savvy have been at the forefront of the digital landscape, taking up virtual territories and planting their stakes wherever they set their feet. Many of them started out as “newbies” but are now the digital brands to beat and conquer. They have upstaged the traditional name brands and have become household names all around the globe. Who does not know Facebook, Twitter, or Tumblr? But the traditional big brands aren’t to be dismissed just yet. They might have a little bit of catching up to do but they can still capitalize on the years they have invested in establishing their brands and their name. The good thing that these brands have going for them is the hard-earned trust together with the existing essential structure and framework needed to service their traditional market, which can be restructured to adapt to the needs of consumers in this digital age.

The challenge of traditional media is to bridge the great divide between the physical and the digital realm and rethink the way they reach their audiences. The challenge of new media, on the other hand, is to offer more than just content to their users by offering something more substantial, something tangible. In short, physical products or stuff consumers want or need are part of a strategy to retain their audience and increase their reach even more. Yes, “Content is king” but in the marketplace, the “Consumer is king”.

For both traditional and new media, addressing the needs of today’s consumer, evolving as it is because of technology and the way networking has changed the way we relate to each other, is the way to go. What needs should be addressed? For today’s consumer, it is all about Content, Community, and Commerce. New media that is focused on content alone will find it challenging to sustain its audience especially if the same content is readily available elsewhere. Traditional media needs to understand the psyche of the tech savvy consumer and find new ways to encourage customer loyalty from these click-happy butterfly-esque customers. For both media types, it’s about addressing that basic need, the content or information that led them to your website in the first place. Next is connection or community. And finally, delivering this need into the hands of the consumer – the exchange of goods or Commerce.

Businesses who take advantage of today’s digital technologies like audio/visual tools, social networking channels, video streaming, mobile-enablement, and eCommerce empowered facilities, integrating them with all the best known methods in traditional media will stand a greater chance of surviving in today’s digital market.


WordPress Plugins for Front End Content Management

As the internet continues its path towards building stronger online communities, greater interconnectivity and increased social networking, website owners are opening up their doors to accepting content contributions from their audiences. To address the issue of privacy and confidentiality, some plugin developers have come up with front-end solutions to enable website owners to accommodate contributions from the community without compromising their backend controls.

Here are some useful plugins you can use to put everything you need for posting, editing, and uploading content on the front-end.

Front-End Editor by Scribu

Front-end Editor is a plugin that allows you to edit your content directly from the front end of your site. This comes in really useful when all you need is just to correct a typo or something you overlooked.

Front-End Uploader

This plugin is useful if you have multiple contributors to your site because this plugin allows them to generate content and easily upload it right on the frontend of your website. Essentially, the plugin is a customizable upload form that adds files with allowed MIME-type to your WordPress Media Library under a special tab “Manage UGC”. There you can moderate your user submissions – whether to: Approve, Delete, or Re-attach to other post/page/custom-post-type before they are officially published.

Frontend Checklist

Create HTML or PDF checklists your visitors can save or print anytime they come back to your site. These lists are saved via cookies which enables visitors to continue using the checklist where they left off when they re-visit your site.

MarketPress FrontEnd

MarketPress Frontend is a powerful ecommerce plugin that can be used to set up a stylish online store easily. This WPMU Dev created plugin can help you: manage orders, create and edit products, product tags, and categories, set up store settings such as shipping, payment gateways, and coupons, all through the front end. This means that all your confidential dashboard information will be hidden away from sellers or other users who don’t need to see all that information.

FV Community News

Need more content but challenged? This plugin allows users to contribute articles while still maintaining full control over what gets published.

With this Community News plugin you allow your visitors to add fresh or related content to your blog. This plugin comes with a moderation panel and a settings page including support for custom post types, images, widgets, and shortcodes. You can simply sit back and relax knowing that your blog will have a continuous supply of fresh content.

Just make sure that the plugins are compatible with your current WordPress version before you install any of them.


Blazing the Trail in 2013

Greater things are yet to come and they are exciting. There’s always something magical whenever the New Year comes. Technically, if you really strip this day down to what it really is and take away all the fireworks and celebration, it’s actually just another normal sunrise and sunset in the calendar. Fortunately, this is not how the majority of us see it. Many of us look forward to it with a lot of hope and expectations, a chance to start again, an opportunity to embrace new challenges, a time to let go of the old and wipe the slate clean, a new beginning for many.

For those of us in the WordPress community and the greater Internet population, things have never been more exciting. Imagine a single video garnering more than a billion views and still counting. Why is this significant? This simply gives us the information that there are a billion or more active Internet users out there that we can reach out to. As global interconnection continually increases, social behavior continues to adapt and our world seems closer and more reachable everyday. By force majeure the older generation are being pulled in by the tech savvy younger generation into the digital age as this has now become the common tool for communication. Social networking continues to expand and so has its demographic base.

For those who are in the WordPress marketplace and are serious about it, the hard questions need to be asked. Is it enough to simply ask what the ideal WordPress theme really is or what the perfect theme looks like? Are the current themes in the market today meeting the needs of the consumers, real and perceived? What about creativity and originality? Or innovation? Are we willing to think out of the box and be experimental as far as theme features and designs are concerned or are we just going to play it safe and blend with the crowd? Are we ready to meet the demands of the unstoppable rise of mobile computing and the multilingual global marketplace?

As we look into the future, those in the Internet and web development industry (WordPress included) need to take a holistic approach in planning for the next 12 months and beyond. Maybe some are just dabbling in WordPress theme development for fun while others are seriously considering it as a viable business opportunity worth investing in. Perhaps as we plan future steps we can take a step or two back and view the WordPress themes market from a different angle or with a fresh perspective – to work backwards and use the future to strategically determine today’s activities. Somebody once said, “If you always do what you always did, you will always get what you always got.” Who would have ever thought that an Asian guy would teach the world (1 billion+) how to do a horse dance? Mind-blowing but undeniably real and possible. Maybe he did what wasn’t normally done and got the results nobody expected. Guess what? So can all of us.


BuddyPress WordPress Themes 2013: Trends

BuddyPress has come a long way since its conceptualization in 2008. What is BuddyPress anyway?

According to WPMU.org:

“BuddyPress is a suite of plugins for WordPress that transforms into a fully functional social network platform.
When installed on WordPress Multisite it provides features that lets your members socially interact with each other within a multi-blogging platform environment. It provides all the features that allow you to build a community on your network. BuddyPress enables you to build passionate users around a specific niche.”

Buddypress.org puts it quite succinctly:

“BuddyPress is Social Networking, the WordPress way.”

The concept of turning a WordPress site into a social network is indeed radical and has not been lacking in challenges. What is amazing is that BuddyPress users of today find a plugin that fully integrates into ordinary WordPress as opposed to the few who were tinkering with WPMU a couple of years back. With its latest version, 1.6, BuddyPress is an easy to use plugin with good content management capability. You can enjoy the benefit of user generated content with the ability to moderate and control spam posts using existing infrastructure on WordPress. BuddyPress also gives you the functionality you expect from any social networking site. You can add and remove friends, create groups and much more.

With all that BuddyPress is offering now, what more is in store for this great plugin? The battle cry of the developers is theme integration. More and more people would like to turn their existing sites into social networking sites without discarding their existing theme capabilities. Come to think of it, if you have a great ecommerce theme, why would you want to discard your eCommerce capabilities for social networking? The challenge for theme developers is to create or redesign themes that integrate the capabilities of BuddyPress. Social networking, in tandem with mobile devices, has made our world smaller, closer, and within reach. It is undeniable. On the other hand, BuddyPress developers also have to do their share to make the plugin more seamless. While the task doesn’t seem easy, there is indeed a host of talented, highly motivated people working to reach the summit from both sides. We are looking forward with much eagerness to their success!


The Business of WordPress

The root word of ecosystem is “eco,” a derivative of the Greek term for house or home, and “system,” a set of connected things or parts forming a complex whole. A closer look at nature reveals a highly integrated system of living and nonliving components capable of sustaining life. Each species, element, and energy source plays a crucial part in maintaining balance on our living planet. By the same token, there exist multiple layers of ecosystems within social and business structures that are interactive and interdependent upon each other. We have witnessed in the last few years a social networking phenomenon where our world has become more and more interconnected digitally and business environments are turning into digital ecosystems.

Caught in the midst of all this is a thriving WordPress community comprised of WordPress professionals, authors, developers, theme providers, marketplace vendors, web hosts, and other commercial entities that have evolved and conglomerated into this dynamic WordPress ecosystem we have today. These key players have all been instrumental in empowering the world’s most popular Content Management System (CMS) today, fueling this digital economy with WordPress powered websites, themes, plugins, and web consultancy services all around the globe.

One of the exciting events to look forward to in the WordPress scene is the upcoming Pressnomics 2012 conference in November. Pressnomics 2012 – The Economics of WordPress is the first of its kind gathering of the brightest minds in the commercial WordPress ecosystem represented by 7+ countries around the globe. The goal is to foster dialog, share and discuss business best practices, teach a mix of WordPress and general business strategy, et cetera, to help propel those who are active WordPress professionals even further as well as inspire those who are contemplating a future in the WordPress ecosystem. Among the list of speakers are familiar names in the WordPress community: Collis Ta’eed, Pete Davies, Alex King, Cory Miller, to name a few.

There is still much to learn and more room to grow in this realm as the world becomes smaller and smaller because of the recent technological advances especially in the mobile tech industry. The crest of this WordPress wave has yet to reach its peak and even as the wave rises so do the rest of the little boats floating along with it.

For more details about Pressnomics 2012, visit their website at pressnomics.com.