#wordpress

reverendelvis@spora.undeadnetwork.de

If you have a WordPress blog

Activate the ActivityPub plugin by Mr. Pfefferle! It's child's play and your site is instantly federated! Feel free to send me the link and I'll subscribe to you.

https://wordpress.org/plugins/activitypub/

https://word.undead-network.de/2024/01/10/falls-ihr-einen-wordpress-blog-habt-if-you-have-a-wordpress-blog/
#activitypub #federation #Föderation #wordpress #wp

tom_s@friendica.ambag.es

WordPress security warning with a backdoor

A #fake warning to #admins is spreading a dangerous #WordPress security update.

Fraudulent e-mails are currently circulating that warn #WordPress admins about a supposed malicious-code vulnerability. Anyone who falls for it gets a #backdoor on their PC.

https://www.heise.de/news/l-f-Sicherheitswarnung-mit-Hintertuer-9566929.html

california@diaspora.permutationsofchaos.com

Let me tell you that more source code always means more #vulnerability and is therefore always counterproductive for #security.

The #internet has become a bloated mess. Huge #JavaScript libraries, countless client-side queries and overly complex frontend frameworks are par for the course these days.

When popular websites like The New York Times are multiple MB in size (nearly 50% of which is JavaScript!), you know there's a problem. Why does any site need to be that huge? It's #crazy.

But we can make a difference - all it takes is some #optimisation. Do you really need that extra piece of JavaScript? Does your #WordPress site need a #theme that adds lots of functionality you’re never going to use? Are those huge custom fonts really needed? Are your images optimised for the web?

read more here: https://512kb.club


#frontend #browser #web #danger #framework #software #problem #performance

freund_blase@diasp.org

Hi Diasporians (no idea whether that addresses all of you correctly). Some of you know this text, because I wrote it for my earlier move from wk3.org to pod.dapor.net. So here is the slightly updated version for my move from pod.dapor.net to this one here, diasp.org. Anyway, since pod.dapor.net is closing its doors soon, I quickly found a new harbour here. So first of all, many thanks diasp.org. I am anything but #neuhier on Diaspora. My first D* harbour was #joindiaspora, from there I sailed on to #wk3, on to #pod.dapor.net, and now I am mooring here. All this time I liked, and still like, the creative content from all of you, the anything-but-mundane discussions and, not least, the fascinating people, some of whom I have already been able to meet in real life. So, now I am collecting "my" contacts again.
Oh, and I am interested in: #freeopensourcesoftware #foss #anarchie #kollektivismus #webdesign #grafikdesign #antifa - on principle! #it #linux #lineageOS #wordpress #joomla #umverteilung #420 and much more.

reverendelvis@spora.undeadnetwork.de

I switched my band website to WordPress with ActivityPub. It feels a bit beta, but you can subscribe here @Reverend@reverendelvis.de (if you want). Then I realized that WP also works with matrix.synapse. I like the protocol very much and think this will be much more important and powerful than ActivityPub in the long run. Community creation is almost not possible with AP, and you can also use Matrix very well as a cloud, for example; all real-time things work: streaming, video chat, chat, etc. Both have their justification and are good. Both can be integrated into WP... how nice.

https://reverendelvis.de

https://word.undead-network.de/2023/10/17/11312/
#activitypub #aissolution #federation #matrix #matrixsynapse #reverendelvis #synapse #wordpress

harald@hub.volse.no

WPScan: Unauthenticated File Upload Vulnerability Addressed in Royal Elementor Addons and Templates 1.3.79

During an investigation of a series of websites being actively compromised we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed. And all sites had at least one malicious file dropped into the /wpr‑addons/forms/ directory.

As we reviewed the plugin it was found that the upload ajax action wasn’t properly validating the uploaded file’s extensions, allowing bad actors to bypass the check and drop malicious files to the /wpr‑addons/forms/ directory.

Upon identifying the vulnerability, we promptly alerted the plugin development team, who released version 1.3.79 to fix the issue. It is crucial for administrators to ensure their WordPress installations are fully updated to safeguard against this vulnerability.

More on the WPScan blog...

#infosec #wordpress #wpscan
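For the incident described above, the practical follow-up on your own sites is checking whether the /wpr-addons/forms/ directory already holds dropped files. The scanner below is an added example, not WPScan's or the plugin's code. It assumes the directory sits under wp-content/uploads (an assumption; adjust the path for your install), builds its own constructed sample files in a temporary directory, and flags the patterns that survive a weak extension check: executable extensions, double extensions such as name.php.jpg, a stray .htaccess that could re-enable PHP execution, and PHP open tags in a file's content regardless of its name.

```python
"""Flag suspicious files dropped into a WordPress plugin upload directory.

Added example (not WPScan's or the plugin's code). It assumes the layout
wp-content/uploads/wpr-addons/forms/ and builds its own sample files; it
does not reproduce the plugin's bypass itself.
"""
import os
import re
import tempfile
from pathlib import Path

# File types a form-upload directory can legitimately hold (assumed allowlist).
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".csv"}
# Extensions that PHP-enabled web servers commonly execute.
EXEC_EXT = {".php", ".phtml", ".php3", ".php5", ".php7", ".phar", ".phps"}
# Matches "<?php" and the short echo tag "<?=" anywhere in the first 64 KiB.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def classify(path: Path) -> list[str]:
    """Return the reasons a file looks malicious; an empty list means clean."""
    reasons = []
    name = path.name
    # All dotted parts, so "avatar.php.jpg" yields ['.php', '.jpg'].
    suffixes = [s.lower() for s in path.suffixes]
    if any(s in EXEC_EXT for s in suffixes):
        reasons.append("executable extension in name")
    if suffixes and suffixes[-1] not in ALLOWED_EXT:
        reasons.append(f"extension {suffixes[-1]} not in allowlist")
    if not suffixes:
        reasons.append("no extension")
    if name.endswith(".") or "\x00" in name:
        reasons.append("trailing dot or NUL in name")
    if name == ".htaccess":
        reasons.append(".htaccess in upload dir (can re-enable PHP execution)")
    try:
        head = path.read_bytes()[:65536]
    except OSError:
        return reasons + ["unreadable"]
    if PHP_TAG.search(head):
        reasons.append("PHP open tag in content")
    return reasons


def scan(forms_dir: Path) -> dict[str, list[str]]:
    """Walk forms_dir; map relative path -> reasons for flagged files only."""
    findings = {}
    for root, _dirs, files in os.walk(forms_dir):
        for f in files:
            p = Path(root) / f
            r = classify(p)
            if r:
                findings[str(p.relative_to(forms_dir))] = r
    return findings


def build_sample_dir() -> Path:
    """Create a constructed upload directory with benign and malicious files."""
    base = Path(tempfile.mkdtemp()) / "wp-content" / "uploads" / "wpr-addons" / "forms"
    base.mkdir(parents=True)
    (base / "resume.pdf").write_bytes(b"%PDF-1.4 sample")           # benign
    (base / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 sample jpeg")  # benign
    (base / "shell.php").write_bytes(b"<?php system($_GET['c']); ?>")
    (base / "avatar.php.jpg").write_bytes(b"GIF89a<?php eval($_POST['x']); ?>")
    (base / "notes.txt").write_bytes(b"<?= phpinfo() ?>")            # allowed name, PHP inside
    (base / ".htaccess").write_bytes(b"AddType application/x-httpd-php .jpg\n")
    return base


if __name__ == "__main__":
    d = build_sample_dir()
    for rel, reasons in sorted(scan(d).items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

Point it at the real directory with `scan(Path("/var/www/html/wp-content/uploads/wpr-addons/forms"))`; a hit on content rather than name is the one a pure extension check would have missed, which is exactly the class of file the post reports.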

harald@hub.volse.no

WPScan: Finding A RCE Gadget Chain In WordPress Core

During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning attackers could inject random stuff into the targeted table’s columns, and query information from the database, the intended “flag” being the credentials of a user on the affected blog.

The vulnerable SQL query inserted new rows into the wp_termmeta table, which while we knew it could potentially lead to Object Injection attacks due to the inserted metadata being passed through maybe_unserialize upon retrieval, we didn’t think too much about it since the common thought on the matter was that there was no known current RCE gadget chain in WordPress Core, and thus the challenge was “safe” since it didn’t use any other external plugins.

This proved to be enough to win that flag, however, the thought that there might be an alternative solution to the challenge piqued our curiosity. What if there was a working RCE gadget chain in Core waiting to be found?

Turns out, there was a way, which the WordPress Security Team fixed on version 6.3.2 by preventing several classes used in the final chain from either being unserialized at all, or restricting what some of their unserialized properties may contain.

More on the WPScan blog...

#infosec #wordpress #wpscan

harald@hub.volse.no

WPScan: Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2

During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website.

If successfully exploited, attackers could gather email addresses, putting user privacy at risk.

Upon identifying the vulnerability, we promptly alerted the WordPress team, who released version 6.3.2 to fix the issue. It is crucial for administrators to ensure their WordPress installations are fully updated to safeguard against this vulnerability.

More at the WPScan blog...

#infosec #wordpress #wpscan

dandauge@fedi.thechangebook.org

Hubzilla: automatic re-sharing to a WordPress blog

This video shows how a member of a #hubzilla instance can automatically publish to their #Wordpress blog what they posted on their Hubzilla channel. At the end it points out a possible angle of interest for the TheChangeBook portal site if it were built with this #CMS: https://tube.thechangebook.org/w/1R9MrBbtzoij5C2JTJy35U

#Tuto #TCB #Help #LogicielsLibres

dandauge@fedi.thechangebook.org

Turning WordPress into a site farm

Basic #Wordpress configuration to host several blogs (after a standard installation)

In the wp-config.php file, add before /* That's all, stop editing! Happy publishing. */ :

```php
define('WP_ALLOW_MULTISITE', true);
```

In the dashboard, go to Tools, then click Network Setup, then edit the wp-config.php file again, adding:

```php
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', false );
define( 'DOMAIN_CURRENT_SITE', '127.0.0.1' ); // change this
define( 'PATH_CURRENT_SITE', '/wordpress/' ); // change this
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
```

In the .htaccess file, add:

```
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# change this to match PATH_CURRENT_SITE
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
```