The developers of Divi announced on Jan 17th that all WordPress sites using Divi or the Divi Builder must update their plugin or theme. It is always important to keep up with updates on any WordPress site. If you don’t, you could be at risk.
See the announcement from Divi – Elegant Themes on Jan 17th.
Today our core product framework was updated to fix an unintended information exposure within password protected post excerpts. This includes all of our WordPress themes and the Divi Builder plugin. Updating these themes and plugins to their latest versions will patch the flaw, keeping your website content secure.
WordPress allows posts (and Pages) to be password protected. When password protected posts are viewed or displayed within a post feed, post content is hidden pending password authentication. Our products did not treat these posts correctly when displaying excerpts. Post excerpts for password protected posts (and Pages) were mistakenly displayed on theme index pages and within post-based Divi Builder modules. Excerpts typically include the first ~40 words of a post unless otherwise defined. Full post content and individual post URLs were correctly protected.
Are You Affected?
This problem only affects customers who have published password protected posts and pages. Only the brief excerpts of these posts were potentially exposed within front-end website content. This does not affect WordPress admin authentication or any other password authentication on your website.
How To Fix It
Updating your themes and plugins will fix this problem. You can update your themes or plugins from within your WordPress dashboard, or you can download the latest versions from the member’s area and update them manually. This affects all Elegant Themes themes and the Divi Builder plugin. If you are using any of these products and you have published password protected posts, we recommend updating to the latest version.
What If You Can’t Update Right Now?
If you are unable to update your themes/plugins right away, you can use our security patcher plugin to patch the vulnerability without updating your products. This is a free download for all customers. Installing this plugin will fix the problem, and you can continue to use the security patcher plugin until you are able to update your products to their latest versions.
If you need this security patch then you need to contact us at immediately.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. Unfortunately, something slipped through the cracks this time, but we will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.
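One way to confirm the fix on your own site, as an added example that is not code from Elegant Themes or from this site: it checks the rendered HTML of an index page for the opening words of a password protected post, which is the part an excerpt would expose. The post text and both page renderings are constructed samples, and `leaked_posts`, `visible_words` and `min_run` are names chosen for this example.

```python
import re
from html.parser import HTMLParser

class _VisibleText(HTMLParser):
    """Collect text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def visible_words(markup):
    """Lower-cased word tokens of the text a visitor would see."""
    parser = _VisibleText()
    parser.feed(markup)
    parser.close()
    return re.findall(r"\w+", " ".join(parser.parts).lower())

def leaked_posts(page_html, protected, min_run=8):
    """Titles of protected posts whose opening words appear on the page.
    protected: title -> texts to look for (content, plus any manual excerpt)."""
    page = " " + " ".join(visible_words(page_html)) + " "
    hits = []
    for title, texts in protected.items():
        for text in texts:
            lead = visible_words(text)[:min_run]
            if len(lead) == min_run and f" {' '.join(lead)} " in page:
                hits.append(title)
                break
    return hits

# Constructed sample data (not taken from a real site).
PROTECTED = {"Q3 pricing draft": [
    "<p>Our wholesale price list changes on the first of October "
    "and resellers will see a nine percent increase.</p>"]}
UNPATCHED_INDEX = """<article><h2>Protected: Q3 pricing draft</h2>
<p>Our wholesale price list changes on the first of October and resellers will see&hellip;</p></article>"""
PATCHED_INDEX = """<article><h2>Protected: Q3 pricing draft</h2>
<p>There is no excerpt because this is a protected post.</p></article>"""
```

Run it against the saved HTML of your blog index, archive pages and any page that uses a post-based Divi Builder module, once before and once after updating.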
More from Coffee Web Design Team
Many of our clients do not have an Elegant Themes account, so you need to contact us so that we can make sure that your site gets updated ASAP.
To date, we still feel like the Divi theme is one of the best WordPress Themes we have used in building designs for WordPress sites. If you would like to have your own account to manage your Divi theme, then you can purchase the Divi theme membership through Coffee Web Design and we will be happy to adjust your settings in your WordPress site, so you have all the latest news and great stuff coming into Divi future versions!
When developing a site design, we at Coffee Web Design take into account people who have color blindness and make recommendations on site designs and colors keeping this in mind.
We have to remember that people perceive colors differently when viewing their computer or media devices. We can adapt colors, hues in images, links, and content on your site. This is why we sometimes recommend a hue variation of your chosen color rather than the ‘true’ color.
Color Blind Web Page Filter
You can always test your site and see how others view it by using this Color Blind Web Page Filter Tool.
All you have to do to use this Color Blindness filter tool is:
- Enter your URL (include the http:// or https://)
- Choose which color blindness filter you would like to see the conversion in
- Important! Since there are different types of color blindness, you will want to select the filter for Greyscale/achromatopsia – quick check for all forms of colorblindness.
- Fetch and render. You will see the tool work in real time so proper adjustments can be made.
Throughout the years, WordPress has evolved from a simple blogging platform into a versatile content management system. Today, this open source software tool enables you to create anything between a simple blog and a fully functional website.
The popularity of WordPress has been constantly increasing, as it’s flexible, easy to use, and has many powerful features. Many leading companies, including Forbes, eBay, and The New York Times, have chosen WordPress to power their websites, making it the most used CMS worldwide.
Take a look at this Website Builder infographic to learn some amazing facts that you probably didn’t know about WordPress.
Source: 51 Amazing Facts You Probably Don’t Know About WordPress
Keep your WordPress secure with Secure Hosting WP
If you are a WordPress designer or developer who installs WordPress many times, and you are still installing WordPress automatically (e.g. using SimpleScripts or Softaculous in your cPanel), you should read this article. I will explain how to install WordPress the correct way and properly secure it. I have divided the process into 7 steps and I recommend doing each one every time you set up a new WP installation. Here is my list.
1) Install WordPress the Manual Way
The first and most important step to a secure WordPress installation is to install it manually. I don’t recommend installing WordPress automatically using the tools in your web hosting account control panel, because these tools automatically set your WordPress username to “admin”, and this is definitely not good for security. Or they don’t allow you to change your database table prefix from the default “wp_” to something else (using the default wp_ prefix can be a security risk). Because of this I always prefer to install WordPress the manual way, even if it takes a little longer.
2) Don’t use “admin” as Your Username
As mentioned above, never use “admin” as your WordPress username. If a potential hacker tried to guess your WP login details, the first thing they would try is logging in with “admin” as the username. Because of this it is always recommended to use something different.
3) Use a Strong Password
This is a must and I’m sure you already know this. Use a strong password with both lowercase and uppercase letters, numbers and special characters such as $ or &. I also recommend installing a password manager into your browser to manage all your passwords (this way you don’t have to remember them). You could try for example LastPass, as it’s free.
4) Remove Unnecessary Plugins and Themes
The first thing I do after logging into a new WordPress dashboard is delete the inactive plugins and themes that won’t be needed. If you know that you will not be using a certain plugin or theme, you should remove it. This will make your WordPress installation cleaner.
5) Change Your WordPress Login Page
To take the security of your WordPress website even further, another good practice is to rename your WordPress admin login page. So, it won’t be yourwebsite.com/wp-login.php but for example yourwebsite.com/ml05pg2. You can use a free plugin for this, e.g. WPS Hide Login. This will make it even harder for anyone trying to log into your WordPress installation.
6) Prevent Spam Comments
Another good thing to do with every WP installation is to set the rules for your comments. In your WP admin panel in Settings > Discussion you can either completely forbid comments, or set a rule, for example making the name and email fields mandatory. An important option is to have the setting “A comment is held for moderation” enabled, so that you can manually moderate your comments. I also recommend using a plugin to prevent comment spam on your blog. You can use Akismet or WP-SpamShield, for example.
7) Backup Your Install
The last step to secure your website is to have a current backup of your whole installation. You can use a plugin like UpdraftPlus for this. You can even schedule your backups to be made automatically, e.g. every week, so that you always have a current copy of your website that you can restore if anything goes wrong.
Source: 7 Steps to Secure Your New WordPress Installation
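For anyone who maintains many installs, steps 1, 2 and 4 of the list above can be checked mechanically. The following is an added example, not code from the source article: it assumes you pass it the text of wp-config.php and the JSON printed by WP-CLI's `wp user list --format=json`, `wp plugin list --format=json` and `wp theme list --format=json`. The function name `audit_install` and all sample inputs are constructed for illustration.

```python
import json
import re

def audit_install(wp_config_text, users_json, plugins_json, themes_json):
    """Return findings for steps 1, 2 and 4 of the checklist."""
    findings = []
    # Step 1: table prefix left at the default (commented-out lines are ignored).
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""",
                  wp_config_text, re.M)
    if m is None:
        findings.append("table prefix: $table_prefix not found in wp-config.php")
    elif m.group(1) == "wp_":
        findings.append("table prefix: default 'wp_' in use")
    # Step 2: an account whose login name is "admin".
    for user in json.loads(users_json):
        if user["user_login"].lower() == "admin":
            findings.append(
                f"username: account 'admin' exists (roles: {user['roles']})")
    # Step 4: plugins and themes that are installed but not in use.
    for kind, raw in (("plugin", plugins_json), ("theme", themes_json)):
        for item in json.loads(raw):
            if item["status"] == "inactive":
                findings.append(
                    f"unused {kind}: {item['name']} is installed but inactive")
    return findings

# Constructed sample inputs (not from a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'x7k_';
$table_prefix = 'wp_';
"""
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "editor_jane", "roles": "editor"}])
SAMPLE_PLUGINS = json.dumps([
    {"name": "akismet", "status": "active"},
    {"name": "hello", "status": "inactive"}])
SAMPLE_THEMES = json.dumps([
    {"name": "Divi", "status": "active"},
    {"name": "twentysixteen", "status": "inactive"}])
```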
If you need help in securing your WordPress Site, contact us to help you.