WordPress version 5.2 delivers more security features, tools to fix ‘fatal’ website errors

WordPress announced Tuesday the latest version is now available for download and includes several security updates.

“There are even more robust tools for identifying and fixing configuration issues and fatal errors,” wrote WordPress co-founder Matt Mullenweg on the company’s blog, “Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.”

Any websites running an old version of PHP (5.6.20 or earlier) will need to update their PHP before installing the new 5.2 version of WordPress.

New safety features. WordPress 5.2 (named “Jaco” in honor of jazz bassist Jaco Pastorius) includes updated Site Health features with the addition of two new pages designed to debug common configuration issues and a space for developers to add “debugging” information for website managers.

The PHP error protection built for administrators lets site owners safely fix and manage fatal errors without developer resources.

“It features better handling of the so-called ‘white screen of death’ and a way to enter recovery mode, which pauses error-causing plugins or themes,” wrote Mullenweg.

General updates. WordPress said its latest version comes with improved contextual awareness and better keyboard navigation flow for anyone using screen readers or assistive technologies. There are 13 new dashboard icons — including one for Instagram and multiple ones for BuddyPress — and automatic checks to determine if a website’s version of PHP is compatible with installed plugins.

To avoid site errors, WordPress will not allow a plugin to be activated if it is not compatible with the site.

And for the developers. With this latest version of WordPress, the minimum supported PHP version is 5.6.20 — thus the need for website owners to make sure their site is running a more recent version of PHP before downloading WordPress 5.2.

WordPress has added a new theme page template, a conditional function and two CSS classes which will make it easier to design and customize Privacy Policy pages. There are also new body hook features that allow themes to support code added at the beginning of a body element, and new tools to write modern JavaScript.

Why we should care. WordPress is the most widely used CMS in the world, which has put it in the sights of malicious actors. If you’re among the millions of WordPress users, these added security measures are sure to be welcomed. Not updating your WordPress website leaves it open to vulnerabilities, creating a potential disaster in terms of your online presence. From ‘fatal errors’ that can take down an entire e-commerce site to smaller issues that render a website unusable, keeping your company’s website platform updated is mandatory in terms of best practices for your online security measures.

About The Author

Amy Gesenhues is Third Door Media’s General Assignment Reporter, covering the latest news and updates for Marketing Land and Search Engine Land. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs, SoftwareCEO, and Sales and Marketing Management Magazine.


WP Engine Launches Cloudflare Stream Video Plugin for WordPress

Plugin Makes It Easy To Upload And Stream Video On WordPress Sites

WP Engine, the WordPress Digital Experience Platform (DXP), today announced the launch of the Cloudflare Stream Video Plugin for WordPress. The plugin was built by WP Engine in partnership with Cloudflare to make it incredibly easy for WordPress users to publish and stream performance optimized videos on WordPress sites. Cloudflare Stream is an easy-to-use, affordable, on-demand video streaming platform that runs on Cloudflare’s secure global network. The end-to-end solution includes storage, encoding and a customizable video.js player.


This announcement builds on the existing relationship between WP Engine and Cloudflare with Global Edge Security, which helps WP Engine’s digital experience platform deliver consistently delightful customer experiences with enterprise-grade security.

Video pain points: overpriced and not scalable

Many of the video service options currently on the market are costly or require specific video domain expertise. Self-hosting native videos can often hinder page load times, and degrade the user experience. Digital developers and agencies have found that integrating video in the WordPress editor sometimes feels disjointed, forcing them to switch between WordPress and third-party platforms in order to manage their video publishing workflows. Some video discovery platforms are easier, but include paid advertisements or recommended videos after a video plays that inevitably impact brand identity and hurt the user experience. Brands have long needed a highly-scalable, affordable video solution that can be easily integrated into the WordPress experience.

With the new Cloudflare Stream Video Plugin for WordPress, developers now have a robust, enterprise-grade solution that allows them to easily insert and stream videos in the WordPress editor and have those videos served securely through Cloudflare’s lightning-fast global network.

This is how we do it

Powered by the Cloudflare Stream API, the Cloudflare Stream Video Plugin for WordPress integrates fully with the WordPress Admin console. Content editors can easily embed videos into article content within the WordPress dashboard. It uses a block editor-first approach, leaning into the future of WordPress via the WordPress block editor. It also leverages WordPress’s Media Library APIs so users can stay within the WordPress console to make edits or manage their video library.

Key benefits:

- Content managers can add, edit metadata and delete videos all within the WP-Admin media library
- Developers can easily and effortlessly embed videos into design elements, such as site headers and widgets
- Videos are hosted securely and managed with Cloudflare Stream
- Enables developers to free up storage and lower bandwidth usage enabling even more robust, beautiful WordPress experiences
- End users are not exposed to ads, branded labels or competing videos
- End users’ video experience is fast with almost no buffering, especially important for today’s mobile consumer

“We launched Cloudflare Stream to make video streaming easy and affordable for content owners and app developers alike,” said Chris Merritt, Chief Revenue Officer at Cloudflare. “The Cloudflare Stream Video Plugin for WordPress will further simplify video publishing for developers and website owners that build in WordPress.”

“By creating the Cloudflare Stream Video Plugin for WordPress, we are helping developers easily add, manage and optimize videos into all types of digital experiences, ultimately creating better, more robust user experiences,” said Lisa Box, Vice President of Strategic Alliances at WP Engine. “We are excited to offer this integration to the WordPress community, because continuing to scale WordPress performance is a priority at WP Engine.”

Learn more about the Cloudflare Stream Video Plugin for WordPress and download it here.

About WP Engine

WP Engine is the WordPress Digital Experience Platform that gives companies of all sizes the agility, performance, intelligence, and integrations they need to drive their business forward faster. WP Engine’s combination of tech innovation and an award-winning team of WordPress experts are trusted by over 90,000 companies across 150 countries to provide counsel and support, helping brands create world-class digital experiences. Founded in 2010, WP Engine is headquartered in Austin, Texas, and has offices in San Francisco, California; San Antonio, Texas; London, England; Limerick, Ireland and Brisbane, Australia.

About Cloudflare

Cloudflare, Inc. (@cloudflare) is on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers more than 10 trillion requests per month, accounting for 10 percent of all Internet requests. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was recognized by the World Economic Forum as a Technology Pioneer, named to Entrepreneur Magazine’s Top Company Cultures list, and ranked among the World’s 10 Most Innovative Enterprise Companies by Fast Company. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Washington, D.C., London, Munich, Beijing, Singapore, and Sydney.


WordPress updates are digitally signed at last!

WordPress 5.2 is out and brings a number of functional improvements, but the great news for those who are worried about the security of their installation is the implementation of digital signing of update packages.

WordPress cryptographically signed updates

Increased security

WordPress provided the option for automatic implementation of updates back in 2013 but, until now, these updates were not digitally signed, meaning that a successful compromise of WordPress update servers would allow attackers to deliver malicious updates to all those who use the popular content management system (CMS).

(According to the latest available numbers, WordPress powers 33.8 percent of websites that use a CMS, i.e., tens of millions of websites.)

The new feature makes this type of supply chain attack more difficult: even if the attackers compromise the update servers, they won’t be able to deliver malicious updates without also stealing the signing key from the WordPress core development team and using it to sign them.

A new cryptographic library

The verification of the signature will be performed by the WordPress installation, through the newly implemented Sodium Compat cryptographic library, which is “a pure PHP polyfill for the Sodium cryptography library (libsodium).” Sodium Compat has also been adopted by Joomla! and Magento.
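The check described above, as an added example that is not WordPress's own code: a client accepts an update package only if a detached signature verifies against a public key pinned in the installation, so a package altered or re-signed on a compromised update server is rejected. The function name, the constructed keys and package bytes, and the choice to sign a SHA-384 digest of the package are assumptions made for this illustration; the `sodium_*` functions are the libsodium API that sodium_compat polyfills.

```php
<?php
// Added example. All keys and package bytes below are constructed for the demo.

/**
 * Return true only if the signature is a valid detached signature over the
 * SHA-384 digest of $package under at least one pinned public key.
 * Hashing before signing is an assumption of this example.
 */
function package_is_trusted(string $package, string $signatureB64, array $pinnedKeysB64): bool
{
    $signature = base64_decode($signatureB64, true);
    if ($signature === false || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // missing or malformed signature: fail closed
    }
    $digest = hash('sha384', $package, true);
    foreach ($pinnedKeysB64 as $keyB64) {
        $key = base64_decode($keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // ignore unusable key material
        }
        if (sodium_crypto_sign_verify_detached($signature, $digest, $key)) {
            return true;
        }
    }
    return false;
}

// Stand-in for the core team's signing key, which never lives on the update server.
$coreTeam = sodium_crypto_sign_keypair();
// A key that someone controlling the update server could generate themselves.
$intruder = sodium_crypto_sign_keypair();
// Only the core team's public key ships inside the installation.
$pinned = [base64_encode(sodium_crypto_sign_publickey($coreTeam))];

$sign = function (string $bytes, string $keypair): string {
    $digest = hash('sha384', $bytes, true);
    return base64_encode(sodium_crypto_sign_detached($digest, sodium_crypto_sign_secretkey($keypair)));
};

$genuine    = 'constructed update package bytes';
$tampered   = $genuine . ' plus injected code';
$sigGenuine = $sign($genuine, $coreTeam);

var_dump(package_is_trusted($genuine, $sigGenuine, $pinned));                  // genuine package, genuine signature
var_dump(package_is_trusted($tampered, $sigGenuine, $pinned));                 // altered package, signature reused
var_dump(package_is_trusted($tampered, $sign($tampered, $intruder), $pinned)); // altered package, re-signed with unpinned key
var_dump(package_is_trusted($genuine, '', $pinned));                           // signature stripped
```

Only the first call is accepted; the other three cases are what a compromised update server can produce without the signing key, and each one fails verification.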

“In addition to the security enhancements to the WordPress core, the inclusion of sodium_compat on WordPress 5.2 means that plugin developers can start to migrate their custom cryptography code away from mcrypt (deprecated in PHP 7.1, removed in PHP 7.2) and towards libsodium (introduced in PHP 7.2, polyfilled by sodium_compat),” noted Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, the company that developed the library.

He also pointed out that this digital signing feature only covers core WP updates and that they will be working to implement a system that allows vendors to sign themes and plugins and publish these signatures and related metadata to an append-only cryptographic ledger.

“Once this is done, WordPress’s auto-update will finally be secure,” he added.