WEBSITE 2 DESIGN

Latest Articles

Vulnerability in Backup Migration | Unauthenticated Remote Code Execution

The Backup Migration plugin for WordPress has a flaw that allows attackers via the /includes/backup-heart.php file to remotely execute code on a website in all versions up to and including v1.3.7. This makes it possible for unauthenticated attackers to easily execute code on the server. Wordfence blocked 39 attacks targeting this vulnerability in the past […]

Urgent Elementor security Update Dec 8, 2023 Vulnerability | Elementor <= 3.18.1 

Elementor Page Builder has a serious vulnerability that permits attackers to upload malicious files which grant access to the website server In recent developments, a critical vulnerability has been unveiled within the highly popular Elementor website builder plugin, shaking the WordPress community. This vulnerability, rated at a staggering 8.8 out of 10, poses a serious […]

Is Cloudways Still Good For 2023? - W2D Review

The Answer is Yes! Cloudways is Still in the Top among Cloud Hosting in 2023 About Cloudways Cloudways is one of the Highly-rated managed cloud hosting solution for all PHP-based apps such as WordPress, Magento, Laravel & more. Most of the web developers, agencies, freelancers, and bloggers use Cloudways to host their websites. How Cloudways […]

PowerPress Plugin XSS Vulnerability Patched by Blubrry

The Wordfence Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in the popular PowerPress plugin by Blubrry on April 5, 2023. The plugin is currently in use on over 50,000 WordPress websites. The vulnerability allows individuals with contributor-level or higher permissions to insert malicious web scripts into pages via the plugin's shortcode. The […]

Wordfence 7.7.0 New Update Release - Changelog Explained

Word fence 7.7.0 Is Out! Here Are the Changes has just been released and as usual? Wordfence 7.7.0 has just been released and as usual, it includes several awesome enhancements and updates for our security-conscious WordPress publishers and e-commerce websites. This post goes into a little more detail on each change Word fence included. Word […]

Fixed: Yoast SEO 19.7 Causes Fatal Error & Crashes Websites

Yoast SEO 19.7 Causes Fatal Error & Crashes Websites: Yoast SEO releases an update to fix fatal errors caused by a plugin conflict.Yoast investigated the reports and swiftly published a new update that fixed the problem. WordPress Fatal Error: WordPress Fatal Error was caused by an update to Yoast SEO in which the coding conflicted […]

Update: Download Manager Plugin Vulnerability Patched July 27, 2022

The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability they discovered on July 8, 2022 in “Download Manager,” a WordPress plugin that is installed on over 100,000+ sites. This flaw makes it possible for an authenticated attacker to delete arbitrary files hosted on the server, provided they have access to create […]

Download Manager Plugin Vulnerability Risk on 10,000 WordPress Sites

Security Researcher Rafie Muhammad reported a reflected Cross-Site Scripting (XSS) vulnerability to Wordfence that they discovered in Download Manager, a WordPress plugin installed on over 100,000 sites. On request, we assigned a vulnerability identifier of CVE-2022-1985, on May 30, 2022. Even though Wordfence provides protection against this vulnerability, we strongly recommend ensuring that your site […]

Security Alert: Jupiter & JupiterX Premium Themes has Critical Privilege Escalation Vulnerability - May 2022

Affected Software: Jupiter Theme and JupiterX Core Plugin Fully Patched Versions: Jupiter Theme 6.10.2 and JupiterX Core Plugin 2.0.8 The Wordfence Threat Intelligence team initiated the responsible disclosure process on April 5, 2022, for a set of High threat vulnerabilities in the Jupiter & JupiterX themes, and their required JupiterX Core companion plugin for WordPress, which included […]

Emergency Update: Google Chrome Needs To Be Updated To Version(99.0.4844.84)

The Tech Giant "Google" has issued an emergency security warning to their billions of chrome users to update ASAP as it is confirmed that attackers are already exploiting. Google has issued an urgent security update for their billions of Chrome users from their official blog published at March 25, as it confirms that attackers are […]

Woocommerce 6.3 Has Been Released, What's New?

Woocommerce has officially announced the release of WooCommerce version 6.3. They even mentioned that this release should be backwards compatible with the previous version. It is always recommended to take a backup of your site and make sure that the theme and any other installed plugins are compatible or not before updating. Woocommerce v6.3 release […]

How To Update WordPress Theme For Beginners

When we are New to WordPress we might spend too much time searching for the options or settings to change as we think. We just need to understand the WordPress Navigations by exploring it. Now Let's See How We Can Update a WordPress Theme From the Dashboard. There are two methods to update a WordPress […]

Header Footer Code Manager has Reflected Cross-Site Scripting Vulnerability

Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations on February 15, 2022. Header Footer Code Manager plugin publisher quickly acknowledged wordfence initial contact and wordfence did sent the full disclosure details the same day, on February 15, 2022. A […]

Updraftplus Vulnerability Allowed Subscribers to Download Sensitive Backups

Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, wordfence have found that it is possible to obtain a full log containing a […]

Alert: Vulnerability on Essential Addons For Elementor WordPress Plugin - Updated 31 Jan, 2022

Essential Addons for Elementor WordPress plugin affected by a critical Remote Code Execution (RCE) vulnerability that severely impacts v5.0.4 and older. Vulnerability Fixed Patch update - 31 January, 2022 Essential Addons for Elementor is a free and popular WordPress plugin and it is an addon for the Famous Elementor Page Builder. The vulnerability was discovered […]

Is Elementor Free to Download?

Elementor is one of the Top Suggested Page Builders in the WordPress world, most WordPress developers suggest using Elementor as it is easy to use with its Simple Drag & Drop Feature, and saves everyone's Time and Effort. Is Elementor Free? Yes, Elementor is Free and it's available on WordPress Repository/Library. You can easily create […]

3 Plugins with Same Vulnerability Allows Attacker to Take Over

These three WordPress plugins with the same vulnerability give the attacker to access your login and e-commerce add-ons by taking over the site completely. The Wordfence Threat Intelligence team started a process to disclose a vulnerability researchers on Nov. 5, 2021, had found in “Login/Signup Popup,” a WordPress plug-in installed on more than 20,000 sites, Wordfence’s Chloe […]

Yoast SEO Gets Into Shopify Planning to Launch End of January

Yoast.com has officially announced that they are planning to launch Yoast SEO by the end of January 18, 2022 They have mentioned that, Shopify is growing fast, and they have decided to get profit from the growth of that specific platform building a SEO app. Also the price point in shopify is different from the […]

First Important Step To Do After Installing WordPress

The first and most important step to do after installing wordpress from your hosting provider is to check the permalink structure. After a successful wordpress installation, we need to check the permalink structure before adding any theme or plugin is the best practice to avoid SEO errors in the future. Why is Permalink structure Important? […]

How to Install Elementor on Your WordPress Website For Beginners

If you want to create a new website that should be Easy to Build and also Easy to Manage by yourself for longrun then Elementor Page builder is the best choice to add on your wordpress website. Elementor is one of the highest installed wordpress plugin with 5+ Million Active Installations till now.And it is […]

1.6 Million WordPress Sites Cyberattack From 16,000+ IP Addresses - Dec 2021

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed […]

GoDaddy Data Breach Affected 1.2 Million Customer Accounts

GoDaddy announced on Monday a security breach that could affect up to 1.2 million customers, exposing their e-mail addresses and customer numbers. The exposure of email addresses presents a risk of phishing attacks, a scheme in which a hacker sends a target an e-mail and tricks them into sending over sensitive information by clicking a link that deploys […]

Is Image Alt Text Important For SEO?

Do you know that images without an alt text can impact negatively on your website's SEO? Search engine's like Google and Bing finds hard to understand image files if they don't have an alt text while crawling web pages. Is Image Alt Text Or Alt Attribute Important For SEO? The Answer is Yes What is […]

Vulnerability in Smash Balloon Social Post Feed plugin versions 4.0.0 and earlier - Update Now

The Smash Balloon Social Post Feed plugin has a vulnerability in versions 4.0.0 and earlier. We recommend updating to version 4.0.1 During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), Jetpack discovered several sensitive AJAX endpoints were accessible to any users with an account on the vulnerable site, […]

Dangerous Site Deletion Vulnerability in Hashthemes Plugin - Oct 26, 2021

n August 25, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability in Hashthemes Demo Importer, a WordPress plugin with over 7,000 installations. This vulnerability allowed any authenticated user to completely reset a site, permanently deleting nearly all database content as well as all uploaded media. As wordfence team did not receive […]

OptinMonster Vulnerabilities - 1,000,000 Sites Affected - Oct 27, 2021

On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities Wordfence discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it possible for an unauthenticated attacker, meaning any site visitor, to export sensitive information and add malicious JavaScript to WordPress sites, among many other […]

How to add Previous Next Links on Oxygen Post Template

Adding Previous and Next Links on Oxygen Single Post Template is Really Simple Add two code blocks One for Previous Post Link and Other for Next Post Link For Previous Post Link Code For Next Post Link Code This is the simple and easiest way to add Next and Previous Post Link on Oxygen Single […]

WooCommerce Core Security Issue Alert - Critical vulnerability - July 2021

Security Update Alert on Woocommerce versions 3.3 to 5.5 on July 15, 2021 Update Woocommerce to the latest version (5.5.1) or the highest number possible There has been a critical vulnerability identified in WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5). What actions should I take with my store? Stores hosted on WordPress.com and WordPress VIP […]

High Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin

On April 8, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites. One of these flaws made it possible for unauthenticated users to update redirects for the site allowing an attacker to redirect all site traffic […]

Elementor New Pricing Plan 2020 - From March 9

Elementor Page Builder is one of the Best most user friendly WordPress Page Builder plugin that was on the top from 2019.If you are a WordPress Developer or Designer you would probably know that, but if you are new to wordpress then Elementor is the best free page builder and we can create almost a […]