Jetpack 10.5: New features and under-the-hood improvements

The new year comes with a shiny new Jetpack. This month, we’re shipping new features for VideoPress, as well as other under-the-hood improvements and bug fixes to create a better Jetpack experience for you and your site.

Posted in Features, Jetpack News, Releases

Never Miss a Moment: All Backups Are Now Real-time

Whether you have an eCommerce store, write about your favorite topics online, or promote services on your site, backups are absolutely critical. They provide incredible peace of mind — if your WordPress site is ever hacked or if it goes down for any reason, you can quickly and easily restore it in full.

Until now, Jetpack has offered daily backups as an option for site owners. And while this is a great step to protect your site, Jetpack’s real-time backups are the best way to get complete peace of mind. They save a copy of your site each and every time a change is made — a page is updated, a post is added, a setting is tweaked, or a product is purchased — all behind the scenes without requiring you to lift a finger. That way, you know that you’ll never lose a second of your hard work or a single customer order.

And we believe so strongly that every WordPress site should have real-time backups that we’re making them even more affordable and accessible.

That’s why we’re now including real-time backups in each of our Backup and Security plans.

Posted in Ecommerce, Jetpack News, Security

Security Issues Patched in Smash Balloon Social Post Feed Plugin

During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), we discovered that several sensitive AJAX endpoints were accessible to any user with an account on the vulnerable site, such as a subscriber. Some of these endpoints could enable Stored Cross-Site Scripting (XSS) attacks.

A successful Stored XSS attack could enable bad actors to store malicious scripts on every post and page of the affected site. If a logged-in administrator visits one of the affected URLs, the script may run on their browser and execute administrative actions on their behalf, like creating new administrators and installing rogue plugins.

We reported the vulnerabilities to this plugin’s author via email, and they recently released version 4.0.1 to address them. We strongly recommend that you update to the latest version of the Smash Balloon Social Post Feed plugin and have an established security solution on your site, such as Jetpack Security.

Posted in Security, Vulnerabilities

Multiple vulnerabilities in WP Fastest Cache plugin

During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.

If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). It can only be exploited if the classic-editor plugin is also installed and activated on the site. 

Successfully exploiting the CSRF & Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site.

We reported the vulnerabilities to this plugin’s author via email, and they recently released version 0.9.5 to address them. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.

Posted in Security, Vulnerabilities

Jetpack 10.2: Get More Widget Visibility Controls

Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.

Posted in Releases

Jetpack 10.1: Customize Search in Block Editor

A new month has arrived along with a shiny new version of Jetpack that provides an enhanced experience for you and your site visitors.

Posted in Jetpack News, Releases

Multiple vulnerabilities in Workreap theme by Amentotech

Recently the Jetpack team found some infected files in one of our hosted customers’ sites, and quickly traced the source of infection back to the Workreap theme by Amentotech. We started an investigation and uncovered a number of vulnerable AJAX endpoints in the theme; the most severe of these was an unauthenticated unvalidated upload vulnerability potentially leading to remote code execution and a full site takeover.

We reported the vulnerabilities to the Amentotech team via the Envato Helpful Hacker program, and they promptly addressed the issues. Version 2.2.2 of the theme, released on June 29, 2021, fixes the vulnerabilities we found.

TL;DR

Due to the seriousness of the vulnerabilities, we highly recommend that all users of the Workreap theme upgrade to version 2.2.2 or later as soon as possible.

Download the upgrade from the theme website and install it manually, or upgrade automatically via the Envato market plugin.

Posted in Vulnerabilities

Six Newsletter Ideas to Connect With Your Readers

You just set up an email subscription sign-up form on your website. What should you do next? Email marketing can seem like an overwhelming concept for those just getting started, but it doesn’t have to be this way!

One of the most popular forms of email marketing is sharing a weekly or monthly newsletter. Let’s take a look at two of the most pressing decisions for beginners: what newsletter content should you create and how should you format it to achieve your goals?

Posted in Tips & Tricks

Website Customization: Renaming Sections on Your WordPress Site

Website customization is one of the best ways to ensure that your site reflects your brand’s voice, style, and personality. It typically involves incorporating your brand’s colors and fonts, uploading your logo as the header image, adding a background design, and including branded images in your posts.

However, the branding process of site development doesn’t have to stop with the basics. There are a few extra customizations that can get overlooked, even though they’re some of the easiest ways to add an extra touch of personality to your site. One of these customizations is the ability to rename site sections.

Today, we’ll explain why you want to rename your site sections, and the various tools and widgets available to customize the different parts of your website.

Posted in Website Design

Jetpack 6.1: General Maintenance

Happy May and welcome to Jetpack 6.1. This month brings us another general maintenance release, so you won’t find any big surprises here, but there are still some important improvements to learn about.

The new things you’ll find in 6.1 are:

Privacy information links added

Jetpack’s position on the privacy of its users and their visitors has been strengthened as part of the process of making all of Automattic’s software GDPR-compliant.

You will now see a footer on the “More Info” popover that appears next to each feature setting. These footers link to specific sections in our support docs describing privacy implications, in case you want to learn more about them.

Stats and Do Not Track changes

We now offer users a clear map of the privacy implications of each Jetpack feature. We also introduced a new filter that will honor the Do Not Track feature for visitors who choose to take advantage of it.

Note that this only affects Jetpack’s own Stats feature and nothing else.

WordAds improvements

There are two improvements to the WordAds program to share this month. First, we’ve added support for the ads.txt file.

Second, we’ve introduced a new shortcode, [wordads], which allows you to include an ad inline on any given post or page content. This will give you even more flexibility in defining where your ads appear on your site.

Additional performance enhancements

There are a few bugfixes and enhancements in this release, but the main issues we tackled are the following:

  • When a post transitions to publish, Jetpack used to add Publicize post meta to all posts, whether or not it was a Publicize-able post type. This has been adjusted.
  • We removed the Sharing and Like display functionality from WooCommerce’s Cart, Checkout, and Account pages.
  • Users running their site on PHP 7.2 were seeing notices on their logs related to language features that were updated with this latest release of PHP. These notices should now be addressed.

Full changelog and thanks

As always, you can read the full changelog and see what else we have improved in this release.

Install Jetpack on your site or upgrade to 6.1 today to experience the latest and greatest!

Thanks to all the contributors to this release:

Aaron Douglas, Alex Mills, Allen Snook, Anthony Bubel, Brandon Kraft, Daniel Walmsley, David Newman, Derek Smart, Eric Johnson, Egill R. Erlendsson, Elio Rivero, Enej Bajgoric, Eric Binnion, George Stephanis, Igor Zinovyev, Javi Alvarez, Jacopo Tomasone, Jason Johnston, Jeremy Herve, Jeff Bowen, Jeff Stieler, Joan Rho, Justin Shreve, Lance Willett, Michael D Adams, Michael Turk, Miguel Lezama, Mikael Korpela, Mike Jolley, Niels Lange, Oscar Lopez, Peter Westwood, Rastislav Lamoš, RC Lations, Rob Landers, Rocco Tripaldi, Taegon Kim, Tugdual de Kerviler, Yaroslav Kukharuk, and Žiga Sancin.

Posted in Releases