WordPress Gets Overdue Security Features

For a Content Management System (CMS) that powers one third of the Internet, WordPress leaves a lot to be desired in terms of security features. Much of this is not necessarily the fault of the WordPress team. Independent developers contribute "plugins" that are often full of vulnerabilities and junk code. Also, some of these plugins are not frequently maintained, resulting in sites loaded with vulnerabilities.

WordPress is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years.

These features are set to land with the official release of WordPress 5.2, expected later today. Included are support for cryptographically signed updates, support for a modern cryptography library, a Site Health section in the admin panel backend, and a feature that will act as White-Screen-of-Death (WSOD) protection, letting site admins access their backend in the case of catastrophic PHP errors. With WordPress installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease with regard to some attack vectors.

Probably the biggest and the most important of today's new security features is WordPress' offline digital signatures system. Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package's authenticity before applying it to a local site.
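The check described above, sketched as an added example (this is not WordPress core code): a detached Ed25519 signature is verified against a list of trusted public keys before the package is applied, and a package modified after signing is rejected. The function name `verify_update_package`, the choice to sign the package's SHA-384 digest, the base64 encoding, and the throwaway key pair are assumptions of this example; it needs PHP's sodium extension.

```php
<?php
// Added example, not WordPress core code. Requires ext-sodium (PHP 7.2+).

/**
 * Return true only if $signatureB64 is a valid Ed25519 signature over the
 * SHA-384 digest of $packagePath under at least one trusted public key.
 * (Signing the digest rather than the raw file is this example's choice.)
 */
function verify_update_package(string $packagePath, string $signatureB64, array $trustedKeysB64): bool
{
    $signature = base64_decode($signatureB64, true);
    if ($signature === false || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // malformed signature: fail closed
    }
    $digest = hash_file('sha384', $packagePath, true);
    if ($digest === false) {
        return false; // unreadable package: fail closed
    }
    foreach ($trustedKeysB64 as $keyB64) {
        $key = base64_decode($keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // skip malformed key entries
        }
        if (sodium_crypto_sign_verify_detached($signature, $digest, $key)) {
            return true;
        }
    }
    return false; // no trusted key vouches for this package
}

// Constructed demo: a throwaway key pair stands in for the publisher's key.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$trusted   = [base64_encode(sodium_crypto_sign_publickey($keypair))];

$package = tempnam(sys_get_temp_dir(), 'pkg');
file_put_contents($package, 'constructed update package contents');
$sig = base64_encode(sodium_crypto_sign_detached(hash_file('sha384', $package, true), $secretKey));

var_dump(verify_update_package($package, $sig, $trusted)); // untouched package

file_put_contents($package, 'x', FILE_APPEND);            // modify after signing
var_dump(verify_update_package($package, $sig, $trusted)); // modified package

unlink($package);
```

Only the public keys ship with the installation; the signing key stays offline with the publisher, so a compromised download server cannot produce a package that passes this check.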

Better late than never, WordPress...
