Profiling WordPress Performance

Performance is key for high-traffic WordPress sites, and there are two main ingredients for great WordPress performance – caching and profiling. In this short tutorial we’ll focus on profiling, how it complements caching, and why all of it really matters.

Continue reading →

PHPMailer Vulnerability and WordPress

There’s lots of panic around the holidays regarding CVE-2016-10033 – a critical vulnerability in the PHPMailer library, which allows an attacker to inject custom command-line commands and have the webserver execute them (RCE – remote code execution). WordPress uses PHPMailer, yet there hasn’t been an update yet (see trac ticket #37210), the ticket hasn’t been marked as critical…

Continue reading →

WordPress 4.7

WordPress 4.7 has been released a few moments ago, and includes a brand new default theme, starter content support, video headers, custom CSS, menu management improvements, content endpoints for the REST API, and much more.

Continue reading →

Don’t Cache WP_Query Objects

WP_Query is one of the most complex classes in the WordPress codebase. It’s extremely powerful and flexible, but that flexibility often results in slower database queries, especially when working with metadata. To speed things up, WordPress developers tend to cache the results of such queries, but there are a few pitfalls you should be aware…

Continue reading →

WordPress 4.6.1

WordPress 4.6.1 is a security and maintenance release. It patches an XSS and path traversal vulnerabilities found in previous versions of the core software, and also fixes a few bugs found in the 4.6 release.

Continue reading →

WordPress 4.6

WordPress 4.6 has been released a few days ago and includes better plugin and theme updates, native fonts for the admin area, visual editor improvements, better Multisite performance, resource hints and much more.

Continue reading →