May 6, 2024 by Paul G. | Security, ShieldNOTES

ShieldNOTES Ep#12: Big vulnerabilities, PHP Upgrades, and Passkeys

It’s been another quiet week with respect to WordPress security, but here’s a few items that may be important to you.

#1 – Vulnerabilities: REHub Themes & Plugins

Several critical vulnerabilities.

How will I know I’m okay?
Upgrade REHub plugins to v19.6.2+

What’s the risk?
SQL injection & Local File Inclusion. Lots to be concerned about!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – PHP Releases To Be Supported For Longer

Active and future PHP releases (8.1+) will all receive an extra year in security support & patches, going forward.

Why is this important?
It alleviates some pressure to constantly keep up with the latest PHP versions and ensures PHP stays secure, for longer.

What’s the big deal with keeping PHP updated?
We’ve got an article here about updating your PHP versions. We recommend running at least PHP 7.4 at this stage.

Editor Comment
Shield will soon be moving to PHP 7.4 – we strongly urge everyone to prioritise using their PHP versions. You’ll get better performance, if nothing else!

More Info →

#3 – Are Passkeys A Missed Opportunity?

We’re seeing a lot of articles recently about how Passkey/WebAuthn is maybe an own-goal and a missed opportunity.

The dream of a true Passwordless internet is perhaps not going to come true after all. At least not yet.

We’re still positive about Passkeys and we use them extensively, but many are less keen.

Have you tried Passkeys with ShieldPRO?
We’d love to hear from you if you’ve tried our Passkey feature with Shield. If not, why not? If you have, what are your thoughts?

Hardware Passkey are superior
We’re huge fans of hardware Passkeys, such as Yubikeys, and much less keen on using Passkeys provided by vendors such as Apple, Microsoft, or 1Password, for example. What sort of Passkeys are you using, if at all?

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@najunod's Gravatar @najunod

Excellent and very responsive

9 months since installed (after my web site got hacked) and so far so good, all attacks pushed back successfully. Paul and Jelena have always provided very responsive support to my emails. What was impressive is the very fast workaround provided in his plugin to counter a conflict I had…

@crowdmarshals's Gravatar @crowdmarshals

The best WordPress backup

No need to look any further. I have tried just about all the backup plugins available and this is definitely the best. I use WP clone as well which is another top plugin–a must have.

@canyonhiker's Gravatar @canyonhiker

Excellent plugin

Thank you for providing such an excellent secure plugin.

@luizbills's Gravatar @luizbills

best security plugin

great job!

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese