It seems like the whole world has started to focus on hardware security lately, but there are still plenty of reasons to keep your software up to date. Two of them applied to our service this month.
WordPress 4.9.2 Security Update
Early this year, two independent researches disclosed an XSS security vulnerability in the Flash fallback files used by the WordPress media editor. It’s something that was still available in WordPress 4.9, but essentially never used. This update, applied immediately to all PureNyx sites, removed the fallback editor. The update also fixed 21 noncritical bugs reported throughout WordPress, including a number of usability issues. If you encounter any problems with these changes, please contact us!
Divi Password Protected Content Updates
A security update for our most common theme, Elegant Themes Divi, removed the ability to read an automatically generated excerpt of password protected pages. We have been recommending ways to avoid this issue to our few users of the feature, and will continue to suggest that best practice is to manually add a noncritical excerpt into any password protected content. While these features are useful, they should not be used for extremely sensitive data or to protect pages under development. We’d be happy to suggest ways that you protect sensitive data and we have a great alternative for securely sharing content under development. Contact us if you have questions!
PHP 7 Incoming
At month’s end, we will begin final testing for converting all our sites to a new infrastructural component – PHP 7. This process will cause a significant increase in speed for every site, but also requires that we heavily adjust or even deprecate certain plugins and themes. This will only affect a few sites and we are coordinating individually with site owners and users.