Nexcess Blog

The first thing a prospective WordPress site owner has to decide is where to host their site. There is plenty of advice on the web about how to choose a hosting provider for WordPress. As you might expect, some of that advice is accurate and worth reading, and some of it is so misleading it […]

It has recently come to light that several critical vulnerabilities were fixed in the Avada theme in April, although ThemeFusion, the developers of the theme didn’t widely announce the patched release until several weeks later. If you use the Avada WordPress theme on your site, you should upgrade to Avada 5.1.5 as soon as possible. […]

WordPress has announced that it’s joined HackerOne, a platform for researchers to responsibly disclose security vulnerabilities. HackerOne provides a consistent interface for reporting vulnerabilities and reduces the amount of time developers waste responding to common issues, freeing them to focus on security improvements. The HackerOne platform is used by many large organizations for vulnerability reporting, […]

The WordPress development team has announced that WordPress 4.8 will be released on June 8th. WordPress 4.8 will include editing enhancements with a focus on laying the groundwork for an improved text editing experience, but it won’t include the full version of Gutenberg, WordPress’s experimental editor, which is still being developed. The release is on […]

Until relatively recently, if you wanted to build a WordPress theme, you had to use PHP. With the introduction of the REST API, that’s no longer the case. It’s possible to build integrations with WordPress in any language. As Matt Mullenweg has pointed out on several occasions, a leading motivation for the introduction of the […]

Matt Mullenweg has announced that from WordPress 4.8, which is expected to be released later this year, WordPress will no longer support Internet Explorer versions older than IE 11. Microsoft only supports IE 11, but WordPress supports IE 8, 9, and 10 because a small proportion of its users remain on older versions. In March […]

WP-Base-SEO is a fake WordPress plugin that security researchers have found installed on over 4000 WordPress sites. WP-Base-SEO is a copy of a legitimate WordPress SEO plugin with added malicious code so the attacker can control infected sites. When a hacker compromises a WordPress site, standard operating procedure is to inject malicious PHP or JavaScript […]

A huge botnet of home routers has targeted WordPress sites with brute-force attacks over the last few weeks. Brute-force attacks are a risk for WordPress websites with insecure passwords, and they can cause problems even if a site has secure passwords by consuming a significant proportion of its resources. A botnet is a collection of […]

Getting a theme into the WordPress Theme Repository can give a big boost to a WordPress developer’s credibility, especially if it proves popular with WordPress users. It’s also a great way to promote a premium theme — many theme developers publish “light” versions of their theme for free to promote a premium version with more […]

Google has long been wise to ways of comment spammers, but that doesn’t stop many comment threads degenerating into spammy lists of “work from home” comments and link spam. Akismet and similar spam filters catch most of it, but judging by the sites I see every day, these filters let plenty of spam through. Although […]