Display Widgets plugin has serious security issue – BlogAid Today Breaking News 9/14/17
The Display Widgets plugin has gone evil.
Delete it immediately.
The plugin was sold by the original developer to a company that specializes in buying up old, semi-popular plugins. Then they inject malicious code.
This is not the first time this plugin has been pulled from the WordPress plugins repository. It’s the fourth time, and now they will refuse to let it back in.
And it’s not the only popular plugin that has been ripped from the repository multiple times for the same thing.
Shareaholic has been notorious for doing evil in the past. I don’t care how clean their code is now, I wouldn’t trust that plugin on my site again either.
Display Widgets, WP REACT, CloudFlare and IPs, SSL is not HTTPS – BlogAid Today 9/15/17
Huge news for WordPress development.
The decision came after Apache also pulled the plug on using REACT. (Apache is the software that runs on many host servers.)
What does this mean for WordPress site owners?
Those changes were supposed to start with the new Gutenberg plugin. It, Calypso, and JetPack were all built by the devs at Automattic on REACT.
They will now be rebuilding all of them, starting with Gutenberg.
This will likely delay its release, which was slated for Jan 2018 in the WP 5.0 release.
At this time, we don’t have confirmation on whether this will delay the WP 5.0 release too, or just Gutenberg being rolled into the core.
Analytics plugin, SSL, Ad Networks – BlogAid Today – 9/16/17
The Google Analyticator plugin latest update may have PHP 7 or other issues. This is unconfirmed and still checking.
But the problem may be too low of a PHP level. Developers are dropping support for older PHP versions as they make their plugins compliant with PHP 7.
See this post to check your PHP version http://bit.ly/2pMzTlJ and identify your outdated plugins.
The WP Rollback plugin has saved my bacon when I’ve run into an issue during a plugin update.
See my recommended plugins, including WP Rollback https://blogaid.net/wordpress-plugins/
Let’s Encrypt SSL certificate didn’t auto renew. That’s a little scary.
We are all counting on auto renewal of all SSL certificates now so we can maintain our HTTPS status. Tech support at your host can help you fix this, but let’s hope it doesn’t happen often.
I don’t like using the Block All Content Security Policy header on HTTPS sites as a general rule. But, sites that are running ad networks have to. It’s better to fix all of the underlying issues first before installing it too.
See this post for Why Not to Use a Block All Mixed Content CSP on HTTPS Sites with Ads http://bit.ly/2xO35Zw for more details.
Has the internet being acting goofy for you lately? You’re not alone. Some big sites have been unavailable lately and other odd internet things.
Reasons for this can include: internet hubs being offline or updated, DNS resolvers being down, or big botnets roaming around.