It’s been another quiet week with respect to WordPress security, but here’s a few items that may be important to you.
#1 – Vulnerabilities: REHub Themes & Plugins
Several critical vulnerabilities.
How will I know I’m okay?
Upgrade REHub plugins to v19.6.2+
What’s the risk?
SQL injection & Local File Inclusion. Lots to be concerned about!
Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – PHP Releases To Be Supported For Longer
Active and future PHP releases (8.1+) will all receive an extra year in security support & patches, going forward.
Why is this important?
It alleviates some pressure to constantly keep up with the latest PHP versions and ensures PHP stays secure, for longer.
What’s the big deal with keeping PHP updated?
We’ve got an article here about updating your PHP versions. We recommend running at least PHP 7.4 at this stage.
Editor Comment
Shield will soon be moving to PHP 7.4 – we strongly urge everyone to prioritise using their PHP versions. You’ll get better performance, if nothing else!
#3 – Are Passkeys A Missed Opportunity?
We’re seeing a lot of articles recently about how Passkey/WebAuthn is maybe an own-goal and a missed opportunity.
The dream of a true Passwordless internet is perhaps not going to come true after all. At least not yet.
We’re still positive about Passkeys and we use them extensively, but many are less keen.
Have you tried Passkeys with ShieldPRO?
We’d love to hear from you if you’ve tried our Passkey feature with Shield. If not, why not? If you have, what are your thoughts?
Hardware Passkey are superior
We’re huge fans of hardware Passkeys, such as Yubikeys, and much less keen on using Passkeys provided by vendors such as Apple, Microsoft, or 1Password, for example. What sort of Passkeys are you using, if at all?
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress
