In this release, we have shipped several under-the-hood improvements for an enhanced Jetpack experience.
Continue reading → Jetpack 10.6 – Behind-the-scenes improvements for your site
The new year comes with a shiny new Jetpack. This month, we’re shipping new features for VideoPress, as well as other under-the-hood improvements and bug fixes to create a better Jetpack experience for you and your site.
Continue reading → Jetpack 10.5: New features and under-the-hood improvements
Whether you have an eCommerce store, write about your favorite topics online, or promote services on your site, backups are absolutely critical. They provide incredible peace of mind — if your WordPress site is ever hacked or if it goes down for any reason, you can quickly and easily restore it in full.
Until now, Jetpack has offered daily backups as an option for site owners. And while this is a great step to protect your site, Jetpack’s real-time backups are the best way to get complete peace of mind. They save a copy of your site each and every time a change is made — a page is updated, a post is added, a setting is tweaked, or a product is purchased — all behind the scenes without requiring you to lift a finger. That way, you know that you’ll never lose a second of your hard work or a single customer order.
And we believe so strongly that every WordPress site should have real-time backups that we’re making them even more affordable and accessible.
That’s why we’re now including real-time backups in each of our Backup and Security plans.
Continue reading → Never Miss a Moment: All Backups Are Now Real-time
During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), we discovered that several sensitive AJAX endpoints were accessible to any user with an account on the vulnerable site, such as subscribers. Some of these endpoints could enable Stored Cross-Site Scripting (XSS) attacks.
A successful Stored XSS attack could enable bad actors to store malicious scripts on every post and page of the affected site. If a logged-in administrator visits one of the affected URLs, the script may run on their browser and execute administrative actions on their behalf, like creating new administrators and installing rogue plugins.
We reported the vulnerabilities to this plugin’s author via email, and they recently released version 4.0.1 to address them. We strongly recommend that you update to the latest version of the Smash Balloon Social Post Feed plugin and have an established security solution on your site, such as Jetpack Security.
Continue reading → Security Issues Patched in Smash Balloon Social Post Feed Plugin
During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.
If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). It can only be exploited if the classic-editor plugin is also installed and activated on the site.
Successfully exploiting the CSRF & Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site.
We reported the vulnerabilities to this plugin’s author via email, and they recently released version 0.9.5 to address them. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.
Continue reading → Multiple vulnerabilities in WP Fastest Cache plugin
Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.
Continue reading → Jetpack 10.2: Get More Widget Visibility Controls
A new month has arrived along with a shiny new version of Jetpack that provides an enhanced experience for you and your site visitors.
Continue reading → Jetpack 10.1: Customize Search in Block Editor
Recently the Jetpack team found some infected files on one of our hosted customers’ sites, and quickly traced the source of infection back to the Workreap theme by Amentotech. We started an investigation and uncovered a number of vulnerable AJAX endpoints in the theme; the most severe of these was an unauthenticated, unvalidated upload vulnerability potentially leading to remote code execution and a full site takeover.
We reported the vulnerabilities to the Amentotech team via the Envato Helpful Hacker program, and they addressed the issues promptly. Version 2.2.2 of the theme, released on June 29, 2021, fixes the vulnerabilities we found.
Due to the seriousness of the vulnerabilities, we highly recommend that all users of the Workreap theme upgrade to version 2.2.2 or later as soon as possible.
Download the upgrade from the theme website and install it manually, or upgrade automatically via the Envato market plugin.
Continue reading → Multiple vulnerabilities in Workreap theme by Amentotech
You just set up an email subscription sign-up form on your website. What should you do next? Email marketing can seem like an overwhelming concept for those just getting started, but it doesn’t have to be this way!
One of the most popular forms of email marketing is sharing a weekly or monthly newsletter. Let’s take a look at two of the most pressing decisions for beginners: what newsletter content should you create and how should you format it to achieve your goals?
Continue reading → Six Newsletter Ideas to Connect With Your Readers
Website Customization: Renaming Sections on Your WordPress Site
Website customization is one of the best ways to ensure that your site reflects your brand’s voice, style, and personality. It typically involves incorporating your brand’s colors and fonts, uploading your logo as the header image, adding a background design, and including branded images in your posts.
However, the branding process of site development doesn’t have to stop with the basics. There are a few extra customizations that can get overlooked, even though they’re some of the easiest ways to add an extra touch of personality to your site. One of these customizations is the ability to rename site sections.
Today, we’ll explain why you want to rename your site sections, and the various tools and widgets available to customize the different parts of your website.
Continue reading → Website Customization: Renaming Sections on Your WordPress Site