PHPMailer Vulnerability and WordPress

There’s lots of panic around the holidays regarding CVE-2016-10033 – a critical vulnerability in the PHPMailer library, which allows an attacker to inject custom command-line commands and have the webserver execute them (RCE – remote code execution). WordPress uses PHPMailer, but there hasn’t been an update yet (see Trac ticket #37210), and the ticket hasn’t been marked as critical…

WordPress 4.7

WordPress 4.7 was released a few moments ago, and includes a brand new default theme, starter content support, video headers, custom CSS, menu management improvements, content endpoints for the REST API, and much more.

Don’t Cache WP_Query Objects

WP_Query is one of the most complex classes in the WordPress codebase. It’s extremely powerful and flexible, but that flexibility often results in slower database queries, especially when working with metadata. To speed things up, WordPress developers tend to cache the results of such queries, but there are a few pitfalls you should be aware…

WordPress 4.6.1

WordPress 4.6.1 is a security and maintenance release. It patches an XSS and a path traversal vulnerability found in previous versions of the core software, and also fixes a few bugs found in the 4.6 release.

WordPress 4.6

WordPress 4.6 was released a few days ago and includes better plugin and theme updates, native fonts for the admin area, visual editor improvements, better Multisite performance, resource hints and much more.

Don’t Cache Everything in a Transient

The Transients API is a great way to cache small pieces of data in WordPress, but there are certain things developers tend to overlook when working with this API. In this post we’ll cover some situations where transient caching is not a good fit, and explore some better alternatives.

Running WordPress Cron via PHP-CLI

WP-Cron, the WordPress task scheduler, is a common source of problems, from missed publish schedules and failed auto-updates, to broken garbage collection and cache flushing. There are plenty of good tutorials on working with the scheduler, so in this post we’d like to focus more on performance, and why it’s a better idea to trigger…

A New Dashboard

Our old dashboard has served us well for over a year, but it’s time to change: some of the upcoming features we’ve planned for Pressjitsu require a simpler and more scalable dashboard design. In this post we’ll cover some of the changes we have already implemented, and some things we plan to roll out very…
