A Greek salad on Dispute; knowing your legal image rights
July 22, 2020Defense in depth
September 22, 2020On August 28th, 00:45 GMT+2 a major attack on WordPress websites was carried out. Many WordPress sites had their admin account renamed. We managed to block the attack on its early beginning and monitor the procedure carried out using honeypots. An upgrade to all WordPress sites to latest version 5.5 hosted on our datacenters was carried out within 12 hours.
This week, the popular WordPress CMS has received a major upgrade – WordPress 5.5.1 – which fixes issues that caused problems on millions of websites around the world.
WordPress.org has published new information explaining why version 5.5. of WordPress has negatively affected millions of websites and states that the new software upgrade, WordPress 5.5.1, acts as a patch (maintenance release). This announcement is accompanied by links to Excel spreadsheets that pinpoint the specific issue affecting each plugin and theme, which is expected to help developers update faster.
WordPress 5.5.1 Maintenance Release September 1, 2020
The “maintenance version” was designed to protect websites from cracking, but that does not mean that problems are solved. The announcement emphasizes to developers having till March 2021 to fix problems arising from the termination of support for specific global JavaScript objects brought by version 5.5 of WordPress. Failure of developers to make timely corrections will result in problems again on the affected websites.
“The plan is to remove this code in the next major version of WordPress, so it will be deleted in WordPress 5.7. This gives plugin and theme developers enough time to remove the problematic code and switch to using wp.i18n,” the statement says.
Millions of pages are affected
As mentioned above, the relevant announcement incorporates a link to a spreadsheet with information. The file reveals the previously unknown number of sites affected. Initially, the impact was relatively small and limited to a few thousand sites, which proved to be completely inaccurate. Eventually, WordPress 5.5 negatively affected millions of websites, which is why the relevant maintenance release (5.5.1) was released urgently.
Popular affected plugins
- SiteOrigin Widgets Bundle (+1 million users)
- Advanced Custom Fields (+1 million users)
- Ninja Forms Contact Form (+1 million users)
Partial list of plugins affected by WordPress 5.5.
- WordPress Gallery Plugin – NextGEN Gallery
- Polylang
- Child Theme Configurator
- Simple Custom CSS and JS
- Toolset Types – Custom Post Types, Custom Fields and Taxonomies
- Max Mega Menu
- WP AutoTerms: Privacy Policy Generator, Cookie Notice Banner, Terms & Conditions Generator
- YITH WooCommerce Wishlist
- Ocean Extra
- WordPress SEO Plugin – Rank Math
- Meta Box – WordPress Custom Fields Framework
- Hummingbird – Speed Optimize, Cache, Minify & Defer Critical CSS & JavaScript
- Content Views – Post Grid & List for WordPress
Popular themes affected:
- Astra +1 million users
- Storefront +200,000 users
- Hestia +100,000 users
- Neve +100,000 users
- ColorMag +100,000 users
- Customizr
- Hueman
- Zakra
The above changes need to be addressed and updates on WordPress core and code need to be made on all WordPress websites.
In Creative People we provide managed hosting services so as to get peace of mind.
See more here