The popular WordPress Multilingual plugin, WPML, which is installed on over 1,000,000 websites, has patched a Remote Code Execution (RCE) vulnerability (CVE-2024-6386) that researchers have classified as “Critical,” with a CVSS score of 9.9. Users are strongly advised to update their websites to the patched version, WPML 4.6.13.

Security researcher Mat Rollings (stealthcopter) discovered and reported the vulnerability through the Wordfence Bug Bounty program, earning a bounty of $1,639.

Wordfence’s István Márton explained: “The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.”

Mat Rollings dubbed this vulnerability “a classic example of the dangers of improper input sanitization in templating engines” and has shared more technical details about this vulnerability on his blog.

In the past eight days, researchers have earned $21,037 as bounties for reporting three critical plugin vulnerabilities: GiveWP, LiteSpeed Cache, and WPML.
Tag Archives: Code
How to Add Header and Footer Code in WordPress
The WordPress platform does a great job of helping those without coding experience implement just about any type of functionality. However, in some cases you’ll need to add header and footer code in WordPress so that third-party services can embed their own functionality.

The most typical use case for this is to integrate Google Analytics into your site. However, there are plenty of other reasons you’ll want to do this – you may already know why you want to carry this task out.

For this tutorial, we’re going to show you a couple of ways to add header and footer code in WordPress. First though, we’re going to take a look at the sorts of reasons you’d want to do this in the first place.

What You Can Achieve With Extra Code in the Header and Footer of Your Site

A standard website will break down into a few different components, much like a text document:

Header. Your site’s header contains a number of ‘pre-loading’ elements, and details about your Secure Sockets Layer (SSL) certificate, encryption, any JavaScript, and more.
Footer. This operates in a similar way to your header, but instead ends up at the bottom of the page.
Body. Most of the functionality you implement on your site will be within the ‘body’ of your content. This is the primary focus of almost everything within the WordPress dashboard, and the body represents what you see on the page.

Servers will load pages in a linear way – the head, body, then footer. This means the code in the header will load first, but footer code will load after everything else.

Everyday Code Snippet Use Cases

Social media and Search Engine Optimization (SEO) tools will often need you to add header code in WordPress. This is because those services have to take some priority when a site loads in order to log everything that comes after them. It’s a similar situation with CSS code, because this dictates how your site will look. If this was in the footer, you’d see an array of layout changes before you see the styling.
While JavaScript helps us to produce, view, and interact with modern websites, it isn’t a necessary component (in a technical sense). As such, JavaScript in the footer will give you greater performance in many cases, and if you have that option, you should go with it.

In fact, there are many more use cases, and we cover them in more detail in another article on the WPKube blog. However, in a typical WordPress situation, you don’t have access to the header and footer elements of your site. To add code there, you’ll need to either get your hands dirty, or call on outside help.

How to Add Header and Footer Code in WordPress (2 Ways)

Over the rest of the article, we’re going to cover two ways to add header and footer code in WordPress. Both are simple, but we prefer one over the other:

You can use a plugin to help you add the code to the right areas of your site.
You’re able to add code to your functions.php file, and you’ll need to have extra knowledge on how to access your site’s files.

We’re going to look at the plugin option first, for reasons we’ll explain shortly.

1. Use a Plugin to Add Code to Your Header and Footer

If you want to implement something in WordPress, a plugin should do the job for you. We’d consider a plugin the default in most cases for WordPress websites. As such, if you want to add header and footer code in WordPress, the Embed Code plugin will be ideal.

This is a solution that our sister site DesignBombs develops, and it gives you a quick and painless way to add code either to your site as a whole, specific pages or posts, and even custom post types.

To use it, you’ll install and activate the plugin in the typical WordPress way. When this process finishes, you’ll see a new Settings > Embed Code option on the dashboard.

On this screen, you’ll spot two text areas: one for the head and one for the footer. You’ll even get a hint as to where the code you enter will sit within your HTML.

Using this tool is super-straightforward.
Once you enter your code, save your changes. This will add any code here on a global (i.e. site-wide) level. However, you may only want to add code to an individual post or page. You can do this through the Block Editor – the metabox and options you need are at the bottom of the screen.

While Embed Code is our preferred method, and one you should use for the minimum of fuss, there is also another way that can get you the results you need. We’ll look at this one next.

2. Add Code Snippets to Your functions.php File

Every WordPress installation can access a dedicated functions.php file within its top-level or theme-specific directory. This enables you to add snippets of code to help WordPress use more functionality. However, there are some prerequisites you’ll need to understand and have in place before you begin:

You access your WordPress core files – and by extension, the functions.php file – using Secure File Transfer Protocol (SFTP). As such, you’ll need knowledge of how this works in order to find your site’s files and work with them.
We’d also recommend you use a child theme, in order to preserve your changes if the theme in question receives an update.
You’ll want at least working knowledge of WordPress hooks, actions, and filters. What’s more, you’ll want to understand how WordPress accesses your header and footer through these hooks.

When it comes to using SFTP, WPKube has a selection of articles that you can consider essential reading.

You may also want to look at the WordPress Developer hook library, especially those entries for wp_head and wp_footer, although this is optional as you won’t use them
Honest Thoughts + Discount Code (2022)
Considering using the Blocksy theme to build your WordPress site? In our hands-on Blocksy theme review, we’ll help you decide if this multipurpose theme is right for your site. If it is, we’ll also share our exclusive Blocksy discount code, which will get you 10% off your purchase.

Blocksy is a lightweight multipurpose theme that you can use to build literally any type of website, from blogs to business websites, portfolios, eCommerce stores, and more. In general, I think that it deserves a spot on the list of top options that use this lightweight, multipurpose approach.

It’s packed with well-designed Customizer options to help you easily customize your theme. For more advanced users, it also offers strong tools for custom layouts, conditional content, and more. And for WooCommerce stores, you get tons of advanced features.

There are a few downsides. For example, while all of its demo sites look amazing, the quantity is pretty limited when compared to similar themes. But overall, Blocksy is a great theme and you certainly won’t be disappointed in using it for your site(s).

To help you understand why I say that, here’s everything that we’ll cover in our Blocksy review:

⚙️ Exploring Six Key Features in Blocksy: How to Use It

To kick off our Blocksy review, let’s look at some of the most notable features and what it’s like to use Blocksy.

1. 25+ Importable Demo Sites

To get started with Blocksy, you can either design your site from scratch or import one of Blocksy’s 25+ pre-built demo sites. While only having 25+ demo sites is a bit limiting when compared to other themes that are offering 100+ sites, the demo sites all look amazing. Basically, while the quantity might lag other themes, the quality is top-notch and equal to or above all the other themes I’ve looked at.

Some demo sites are built with both Elementor and Gutenberg (and a few support Brizy), while others only support Gutenberg.
When you import a demo site, you can choose to import just the Customizer settings or the demo content too. If it supports multiple builders, you can also choose your preferred builder. Overall, the demo import process has a very nice wizard, which includes setting up a child theme for you. And just like that, you can have your site looking like the demo in under a minute.

2. Very Detailed Customizer Options

To control the general design of your site, you’ll use the native real-time Customizer, along with tons of built-in options. You can use these options to control your blog layouts, colors, typography, headers, footers, and so on. In general, you get a ton of options, so I can’t show you everything. But let’s take a look at some of the most notable areas…

Header and Footer Builder

To control your header and footer, Blocksy gives you a drag-and-drop builder inside the Customizer. You can use a bunch of different elements to add content to the header grid. You can also use the options at the bottom to customize your header for different user devices. You’ll also get additional options to customize the overall header, as well as individual header rows and elements.

Blog Layouts

You get a bunch of options to control the layouts for both individual blog posts and your blog archive pages. Blocksy also has some nice touches, such as giving you dedicated options to customize comments sections, author pages, and category pages.

Colors

You can set up a unified global color palette to keep consistency. If needed, you can then adjust individual colors when working on specific parts of your site.

Typography

To control typography, Blocksy has a nice system that lets you set up typography for different types of text. You’ll also get typography options in some other areas, such as dedicated options for the post title, excerpt, and other details. You saw some of these in the blog archive screenshots above.

3. Page-Level Controls

In addition to the Customizer options, Blocksy also offers detailed page-level controls that let you control the layout of your posts/pages on an individual level. This gives you full control over the canvas, which is great for both using the block editor or integrating with page builder plugins. Here’s what you can do:

Hide the page title.
Choose different page layouts.
Adjust the background color.
Adjust the spacing.
Hide other page elements (featured image, share box, header, or footer).

4. Conditional Headers, Footers, and Sidebars (Pro)

With the free version of Blocksy, you can fully customize your header, footer, and sidebar…but you can only have one version of each element for your site. With Blocksy Pro, however, you can create multiple designs and use conditional rules to display each one. This lets you optimize those elements for different parts of your site.

For example, you could create a custom header for a certain post type or for blog posts in a certain category. Or, you could create different headers for anonymous users vs logged-in users or even users with different roles, which is especially great for membership sites, online stores, and online courses.

For example, with headers, you’ll get an option to add a new header inside the header builder. You can then design that header just like you created your global header. The one addition is that you’re able to set up conditional rules for that header to control when to use it. Pretty dang useful!

5. Custom Layouts/Hooks, AKA Content Blocks (Pro)

Blocksy Content Blocks are a more advanced feature that helps you customize your site. With Content Blocks, you can create three types of custom designs:

Custom content that you inject at different spots in your theme using hooks.
Popups that you can display on your site.
Custom theme templates, such as designing a custom single post template.

If you’re a casual user, you
Making The World A Better Place One Line Of Code At A Time
This essay is also available in Spanish.

How I Met WordPress

It seems like only yesterday that I thought to myself… there has to be a better way to do this. At that time I was working as a designer for a company dedicated to sports and we were working internally on a kind of CMS to digitize our Football News magazine, but the result was horrendous: the interface did not exist, it constantly crashed and it was full of bugs.

That’s how, in the year 2008-2009, I discovered WP in an Internet search; its version at that time was 2.5. I couldn’t get us to use WP as a CMS and the internal solution won. But there was one seed planted.

At that time I used WordPress in a very simple way. My background was as a graphic designer; I didn’t know anything about PHP, much less about programming, but studying the WP code I was able to make my first themes, which by the way were terrible. I learned HTML and CSS, at the same time I started taking programming courses, especially in PHP, and that’s how I started this adventure.

The first years were literally learning on my own, in my bubble. Then I started to add the words web developer to my resume, and I found a job in a company as a designer and webmaster. I designed gif banners, magazine ads, brochures and the website. This company had its page in ASP and since it was very complicated to update it, at least for me, I gave myself the task of migrating it to WordPress. It was 2014 and WP was in version 3.9. This was my first job in which I did everything from the design to the development and programming of the theme; in it I put into practice everything I had learned until then.
Community

In 2016, I met Roberto Remedios. My tattoo artist, who was also his tattoo artist, asked him whether he knew me (Costa Rica is a small country where one way or another we all have friends in common) and told him that my passion was WordPress. When we met we didn’t stop talking about how cool it was, but what caught my attention the most was the word Community.

Community, what was that? I had spent so many years working on my own that I didn’t know that it even existed; my concept of Open Source was simply something free. Roberto convinced me that same year to go to WordCamp Miami. It was my first camp. Meeting the community behind WP was something that impressed me a lot: the talks, the desire to teach and learn from all the participants, and above all to collaborate with the community. Wow, everything changed for me.

When we got back, Roberto and I started talking about the possibility of holding a WordCamp in San José, Costa Rica. Part of that process is giving talks before the camp as a way to promote it, and as a member of the newly founded WordPress Costa Rica group, it was time for me to give a talk.

It was the first time I spoke in front of the public since my student days. I remember how nervous I was. My talk revolved around page builders; there was no Gutenberg back then. I managed to get the Meetup sponsored, there were snacks, swag, and a lot of people came; it was incredible. Colleagues who participated that day in that Meetup are still an active part of the community.

I gave that same talk at WordCamp and it was even more stressful, because my computer did not turn on. At that moment they lent me a computer, but oh surprise, I could not run my test site. After 20 minutes I was able to solve the problem: the JavaScript was disabled. I was already sweating profusely, red with shame. In the end I was able to give the talk and everything ended well.
WordCamp San Jose, it was incredible, it was hard work, very rewarding, it was a success. Never before had I felt so good professionally. Years had passed without sharing something that I like so much with anyone; suddenly we had a community, we meet regularly, and share about what we are most passionate about.

Recently my talks revolve around making my local community aware of new WordPress trends. I collaborate as an administrator of the WordPress Costa Rica group.

Outside Costa Rica

The second year that I attended WordCamp Miami, I participated as a volunteer, and I had the opportunity to interact with many of the humans that I follow on social media, and then I was encouraged to send talks and participate in the WordCamps that take place in my region.

Eager to share what I have learned, to date I have participated as a volunteer, speaker, and organizer in my city, Costa Rica, Nicaragua, Mexico and in the first Central American WordCamp, which was held online.

Then came the talks in another language. I have had the opportunity to give talks in Rome, Italy. I participated as a volunteer in the WordCamp US, where I had the opportunity to meet colleagues and the CEO of a company that I admire a lot; this was in Nashville, U.S. Seeing colleagues with whom I have had the privilege of working today, my circle of friends expanded.

I have also participated in online conferences, such as GatsbyConf, JavaScript For WordPress and WordCamp EU 2021. I like to share and talk about JAMStack, especially with GatsbyJS and WordPress as a headless CMS.

Professional Path

I have a lot to thank WordPress for. The first thing it brought was the curiosity to learn programming, then remote work. I started working for an agency located in Austin, Texas, with several collaborators in Costa Rica. It was the year 2017, they hired me for my knowledge in WordPress, it was not only the first time that