The Ultimate WordPress Site Migration Checklist

Posted on July 16, 2021 by Rob Pugh

There are a variety of reasons you might want to migrate your WordPress site. You could be unhappy with your current hosting provider. Or you may be launching a new version of your website. Either way, Jetpack Backup makes it easy thanks to the website cloning feature.

We want the entire process to be as simple as possible, so this WordPress site migration checklist will walk you through all the considerations for a seamless move.

Continue reading → The Ultimate WordPress Site Migration Checklist
Posted in Learn | Leave a comment

Behind the Scenes of Jetpack Search: An Exclusive Interview

Posted on July 13, 2021 by Rob Pugh

Jetpack Search has proven to be quite popular among WordPress site owners — and for good reason. This relatively new tool has the magical ability to understand the true intent of a visitor and serve up exactly what they’re looking for, all in a split second. Sometimes the perfect result is displayed even before the searcher has finished typing.

The outcome? People stay on sites longer. They read more, view more pages, and buy more products. 

If you haven’t read Kylie M. Interiors’ story, you should make the time. This incredible business from a small town in Canada receives more than 50,000 page views each day. They needed a reliable search plugin and their dreams came true with Jetpack Search. From the article:  

Kylie’s husband of 15 years, Tim, handles business operations and runs their WordPress site.  “At the end of it all, Jetpack Search was the best solution I found,” Tim said. “We’re euphoric over how well it works.” 

“Tim didn’t tell me that he changed the search function,” Kylie added. “One day I made a search and was like, ‘I got what I wanted!’”

Kylie described the new search functionality as a ”game changer” for her business. “Now you can find any of the 300 articles you’re looking for in a hot second,” she said. “I’m advertising it in my client consultations and telling people to use it because it works.”

Given the success of the plugin, we wanted to shine a light on the heroes behind the scenes. How exactly does it work? What’s the story behind it? 

We interviewed Jason Moon, who wrote most of the code for Jetpack Search, as well as other team members Chris Rosser and Robert Felty. We also got feedback from Greg Brown, who helped architect Jetpack Search and bring the idea to fruition.

Continue reading → Behind the Scenes of Jetpack Search: An Exclusive Interview
Posted in Learn | Leave a comment

Multiple vulnerabilities in Workreap theme by Amentotech

Posted on July 7, 2021 by Harald Eilertsen

Recently the Jetpack team found some infected files in one of our hosted customers’ sites, and quickly traced the source of infection back to the Workreap theme by Amentotech. We started an investigation and uncovered a number of vulnerable AJAX endpoints in the theme; the most severe of these was an unauthenticated unvalidated upload vulnerability potentially leading to remote code execution and a full site takeover.

We reported the vulnerabilities to the Amentotech team via the Envato Helpful Hacker program, and the issues were addressed promptly by them. Version 2.2.2 of the theme was released on June 29, 2021 that fixes the found vulnerabilities.

TL;DR

Due to the seriousness of the vulnerabilities, we highly recommend all users of the Workreap theme to upgrade to version 2.2.2 or later as soon as possible. 

Download the upgrade from the theme website and install it manually, or upgrade automatically via the Envato market plugin.

Continue reading → Multiple vulnerabilities in Workreap theme by Amentotech
Posted in Vulnerabilities | Tagged , , | Leave a comment

Jetpack 9.9: Make your best photos shine

Posted on July 6, 2021 by Steve D

At Jetpack, we are continuously working to develop a better product for you and your website. This month, we launched a revamped Carousel and made improvements to compatibility with WordPress 5.8.

Continue reading → Jetpack 9.9: Make your best photos shine
Posted in Releases | 8 Comments

Fake Plugin Alert: WordPress Plugin and User Backup Tool

Posted on July 1, 2021 by Fioravante Souza

Earlier in 2021, I shared how an attacker could leverage leaked or weak credentials to install fake plugins on a compromised site. Although the plugin featured in that blog post has shown some small changes since it was posted, attackers can upload a variety of malicious software using the same method; so in this article, I’ll share with you another recent example (thanks to Luke Leal for sharing it with me).

Continue reading → Fake Plugin Alert: WordPress Plugin and User Backup Tool
Posted in Vulnerabilities | Leave a comment

Meet Mike Stott: Jetpack CRM’s Eager Entrepreneur

Posted on June 24, 2021 by Rob Pugh

From birth, Mike Stott, a true entrepreneur, literally couldn’t wait to start tackling challenges. He joined Jetpack in a less-than-conventional way and now spends each day serving fellow entrepreneurs by developing the tools they need to succeed on WordPress. 

See how he turned a passion into a career, the surprising reason he had to rebrand his most famous product, and just how little his family actually knows about his job. 

Continue reading → Meet Mike Stott: Jetpack CRM’s Eager Entrepreneur
Posted in Meet Jetpack | Leave a comment

Jetpack from Anywhere: The Mobile App is Here

Posted on June 21, 2021 by Rob Pugh

There’s not much better than world-class security and analytics tools in a single plugin. But wouldn’t it be fantastic if all of these things were available on an app so you could access them on the go?

Announcing the new Jetpack mobile app, now available for iOS and Android — hooray! This robust app brings all of your favorite essential Jetpack features to your mobile device. Receive important notifications, keep tabs on site activity, restore a backup if necessary, scan for malware, view valuable site stats, and access other Jetpack features you love, anytime and anywhere. 

The app supports WordPress sites with Jetpack enabled and an account connected to WordPress.com.

To download the mobile app, click the buttons below or enter your email to get a link on your mobile device.

Continue reading → Jetpack from Anywhere: The Mobile App is Here
Posted in Jetpack News | Leave a comment

The Complete Guide to Migrating Your WordPress Site

Posted on June 14, 2021 by Rob Pugh

Moving your site to a new host can seem daunting, but it’s often necessary. Hosting provides the critical infrastructure needed to make your website available for users all across the world. It’s important that you choose one that’s reliable, secure, and high-quality.

But how do you know if you need a new hosting provider and how do you easily and safely move your site?

Continue reading → The Complete Guide to Migrating Your WordPress Site
Posted in Features, Learn | Leave a comment

Vulnerabilities Found in Motor WordPress Theme < 3.1

Posted on June 9, 2021 by Harald Eilertsen

During an audit of the Motor theme (full name “Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store” by Stockware) for WordPress, we found a number of rather severe vulnerabilities.

These vulnerabilities would allow an unauthenticated attacker complete read access to files on the file system of the site host, and would also allow them to run any PHP scripts found in the file system. We did not identify any upload vulnerabilities in the Motor theme, but paired with other vulnerable plugins this could allow for a complete takeover of the vulnerable site.

We disclosed these vulnerabilities to the theme store who then contacted the theme vendor with our findings. A fixed version of the theme was released as version 3.1 on June 3, 2021. We encourage everybody using this theme to upgrade to the latest version immediately!

Continue reading → Vulnerabilities Found in Motor WordPress Theme < 3.1
Posted in Vulnerabilities | Leave a comment

Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild

Posted on June 8, 2021 by Fioravante Souza

Back on April 20th, 2021, our friends at WPScan reported a severe vulnerability on Kaswara Modern VC Addons, also known as Kaswara Modern WPBakery Page Builder Addons. It is not available anymore at Codecanyon/Envato, meaning that if you have this running, you must choose an alternative.

This vulnerability allows unauthenticated users to upload arbitrary files to the plugin’s icon directory (./wp-content/uploads/kaswara/icons). This is the first Indicator Of Compromise (IOC) our friends at WPScan shared with us in their report.

The ability to upload arbitrary files to a website gives the bad actor full control over the site, which makes it hard to define the final payload of this infection; thus, we’ll show you everything we found so far (we got a little carried away on the research, so feel free to jump to the IOC section if you don’t want to read through).

Continue reading → Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild
Posted in Vulnerabilities | Leave a comment

  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 110,210 other followers

  • Browse by topic