New WordPress 4.9.2 Security and Maintenance Release

WordPress has just released a new maintenance/security update which affects all WordPress versions since WordPress 3.7.

A security vulnerability has been found in Flash Fallback, a media element included in older versions of the WordPress library. It has now been removed from WordPress, and the new update, version 4.9.2, no longer contains it.

WordPress 4.9.2 also covers fixes for a handful of smaller bugs found in the 4.9.1 release series. These fixes include JavaScript errors that prevented saving posts and the ability to restore previous widget assignments when switching themes, among 21 other bug fixes.

As a client of Ezone, no action is required at your end. We have already updated your site and you can be sure that you now have the secured version running.

If your site is not maintained by Ezone, we recommend that you update your site immediately. Be sure to back up your current WordPress site first and then simply go to Dashboard >> Updates >> Update Now to proceed with the update to WordPress 4.9.2.

New WordPress 4.9 Features

WordPress 4.9, called Tipton, was released November 14th. Its new features offer three major improvements:

  1. Changes to the Customizer workflow
  2. Brand new Gallery widget
  3. Introduction of the CodeMirror editor

Customizer Improvements

Several new features in the Customizer for themes make the workflow process simpler and more efficient. 


Saving theme changes as draft

The Save Draft button saves any current customization tweaks to your site’s design as a draft and you can finish working on them next time you open the Customizer.

Share Preview Link

The Share Preview Link provides a live URL that you can share with clients and colleagues to collaborate on the new changes to the site design. This is a very useful addition, particularly when you need to let others who cannot log in or have no access to the site see a preview of the latest changes before final publication.

Scheduling changes in the customizer

You can schedule the latest theme changes to go live depending on the date and time you choose.

Creating Menus

WordPress 4.9 guides the user step by step through the flow of selecting menu locations and items, making the menu creation process easier.


Improvements to the Widget System in WordPress 4.9

The brand new gallery widget in version 4.9 allows you to place dedicated image galleries on the frontend of your site. It’s a super way to create image widgets that will help draw more interest to your posts but won’t slow down your site.


Just choose a location or drag it over to your desired location and select images from your WordPress media library using the Add Images button.

Text Widget Improvements

The not-so-often used Text Widget has also gotten an overhaul. They added a rich text editor so you can add an image and a text link and format it for visual appeal. And, with the Add Media button, you can actually use the text widget to create a gallery that has text and links to it.


Text Widget will also now support shortcodes by default, so no need to use a plugin to help with that.

Video Widget Expands Support

The Video widget in WordPress 4.9 also now supports all oEmbed providers, making it possible to add videos to your site that are hosted by other providers and not just YouTube and Vimeo.


Improvements to Code Editing 

An important change for developers is the new code editor called CodeMirror. It will make the editing experience better as you will easily be able to tweak:

  • your custom CSS in the WordPress Customizer,
  • theme or plugin code from the dashboard editor, and
  • code in the Custom HTML widget.

Live error checking and Autocomplete features will also help keep you safe from coding errors: the editor gives you a warning message if you are editing your theme’s template files and also auto-detects fatal errors in your code before you save the changes.

It’s great to have so many new and improved features in WordPress 4.9, but it’s just the beginning. WordPress says we can expect even bigger changes coming next year as it incorporates more theme and page builder functions.

Update to WordPress 4.8.3 Now

WordPress 4.8.3 has just been released and if you haven’t upgraded your WordPress website yet, then you should do so as soon as possible.

Version 4.8.3 is an important security update that will fix a serious programming flaw that can potentially expose WordPress-powered websites to the possibility of being attacked and hijacked by hackers by means of injecting malicious SQL database commands.

The bug, CVE-2017-14723, was discovered and reported by security researcher Anthony Ferrara in September. The WordPress core is not affected; the vulnerability lies in WPDB, a set of functions used to talk to the WordPress database, and its ability to include sprintf tokens.

The vulnerable functionality was first found in version 4.8.1. WordPress version 4.8.2, which included fixes for many bugs, was supposed to address this flaw. However, according to Ferrara, version 4.8.2 only dealt with “a narrow subset of the potential exploits” and didn’t actually fix the root issue.

In version 4.8.2 and earlier, the buggy code, $wpdb->prepare(), can create unexpected and unsafe queries and potentially allow malicious SQL injection. The newly-released WordPress 4.8.3 security update addresses this flaw by changing the behavior of the esc_sql() function and hardening it to protect it from attacks via plugins and themes.

How to Update to WordPress 4.8.3

If you are a client of Ezone, you needn’t do anything as we have already upgraded you to WordPress version 4.8.3. You can log in to your website as you normally do and be assured that your website is protected from this security threat.

If you wish to upgrade to WordPress 4.8.3 yourself, follow these steps:

    1. Check first what version of WordPress your site is using. Go to the Dashboard and look in the ‘At a Glance’ panel.
    2. Download the latest version of WordPress 4.8.3 from the WordPress website, or go to Updates in the Dashboard and choose “Update now.”
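
The version check in step 1, and the same check against 4.9.2 from the earlier post, can also be done from the command line when the Dashboard is not reachable. This is an added example, not Ezone's or WordPress's own tooling; it reads the version that core records in wp-includes/version.php, and the function names and sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: is this WordPress install older than a given release?
# Names and the sample directory below are constructed for illustration.

# wp_version_of DIR: print $wp_version from DIR/wp-includes/version.php.
wp_version_of() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 1
    # Core stores the version as a line like:  $wp_version = '4.9.1';
    v=$(awk -F"'" '/^\$wp_version[ \t]*=/ { print $2; exit }' "$f")
    [ -n "$v" ] && printf '%s\n' "$v"
}

# version_lt A B: succeed when dotted version A is lower than B.
# Missing components count as 0 (4.9 == 4.9.0); suffixes like -beta1 are ignored.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# check_wp DIR TARGET: print a status line.
# Returns 0 = at or above TARGET, 1 = older than TARGET, 2 = version not readable.
check_wp() {
    current=$(wp_version_of "$1") || { echo "unknown"; return 2; }
    if version_lt "$current" "$2"; then
        echo "outdated $current"
        return 1
    fi
    echo "ok $current"
}

# make_sample DIR VERSION: build a minimal constructed install for the demo.
make_sample() {
    mkdir -p "$1/wp-includes"
    printf '%s\n' '<?php' "\$wp_version = '$2';" > "$1/wp-includes/version.php"
}

demo=$(mktemp -d)
make_sample "$demo" 4.9.1
check_wp "$demo" 4.9.2 || true
check_wp "$demo" 4.8.3 || true
rm -rf "$demo"
```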

Steps to Prepare your Website for GDPR

The General Data Protection Regulation (GDPR) is the European Union’s new data protection legislation. The UK is currently following the Data Protection Act of 1998, which replaced the 1995 EU Data Protection Directive. As there have been unforeseen changes in the way that we have used digital information over the past decades, the laws that are in place at the present time no longer fit many objectives and will be superseded by the new legislation.

Highlights of the GDPR

  • The GDPR will automatically apply in all EU member states effective 25 May 2018. It has been in force since 24 May 2016, but businesses and organisations have until 25 May 2018 to ensure compliance before the law fully applies.
  • It will introduce changes on how businesses and public sector organizations control or process personal and sensitive data of customers, such as their name, address, IP address, religious and political views, sexual orientation, and more.
  • The new data protection laws will also give more people control over what companies can do with their data, such as more rights to access or request deletion of information companies hold on them.
  • It will enforce a clear responsibility for organizations to obtain the consent of people they collect information about.
  • It will introduce more rigid enforcement measures and bring in tougher fines for noncompliance and breaches in order to improve customer trust in the emerging digital economy.
  • The GDPR will also standardize data protection laws throughout Europe, giving businesses throughout the 28 EU member countries a simpler, clearer legal environment in which to operate.

Steps You Can Take Now to Get Your Website Ready for the General Data Protection Regulation (GDPR)

If you are a company that deals with personal data belonging to EU residents then you need to ensure that you are ready for the GDPR. Here are some areas to review and update on your website:

Make sure to clean up your email databases

If you have a database of subscribers that were not collected according to GDPR standards, then you need to do some cleaning up by sending them a re-permission email so that they can choose to re-opt in and stay on your newsletter list. Choosing to re-opt-in will provide proof of consent of subscribers and will make your business GDPR-compliant.

Ask people to actively opt in

GDPR compliance will now require that you use contact forms that do not have pre-ticked boxes, opt-out boxes or default settings. This ‘positive-opt in’ or ‘affirmative action’ will now be required to ensure that people have a genuine and free choice and control, and take some positive action in order to have valid consent.

If you want people’s consent for various different purposes, the Information Commissioner’s Office (ICO) advises that you provide a separate opt-in for each purpose. This is so that, “People should not be forced to agree to all or nothing – they may want to consent to some things but not to others.”

To further ensure that your opt-ins are compliant with GDPR regulations, you must also take note of these additional points:

  • Make sure that people can easily exercise their right to withdraw consent.
  • You must use clear and plain language when explaining consent.

Change your website Cookie and Privacy Policies

Under the GDPR, the standard text phrase that is included in Cookie notices, “by using this site, you accept cookies,” only suggests implied consent and, as a result, is no longer going to be compliant. Websites that use different types of cookies with different processing purposes will need different mechanisms to obtain valid consent for each purpose, e.g. granular levels of control with separate consents for tracking and analytics cookies and mechanisms to also signal customer consent and for them to make an ‘affirmative action.’

There’s not much time before the EU GDPR is officially in effect. It’s best to start your planning process, and begin implementing the changes your organization will need to make now, especially companies that have multiple websites.

If you wish to consult with Ezone about getting your website ready for GDPR, please do not hesitate to contact us.

Helpful resources from the ICO:

Getting ready for the GDPR
12 steps to take now
Accountability and governance

WordPress Makes Available 4.8.1 Maintenance Release

WordPress has just made available WordPress 4.8.1, a maintenance release to its recent version, WordPress 4.8 “Evans.”

This first maintenance release includes 29 fixes and enhancements to help make your WordPress website design more intuitive. Of particular interest in this recent update is the introduction of the Custom HTML widget and technical workarounds to fix the rich Text widget.

When WordPress 4.8 was introduced on June 8, 2017, it added new widgets for videos, pictures and text as well as functionalities to improve editing of links. However, the TinyMCE functionality to improve the Text widget brought about some issues for those who use Custom HTML and caused the Visual editor to ignore portions of the code.

The dedicated Custom HTML widget in WordPress 4.8.1 Beta 1 addresses this problem. This widget will allow advanced users to specifically add arbitrary HTML to the website’s sidebar and prevent the Visual editor from altering code.

So, when you paste or type HTML code into the text widget with the Visual editor active, an Admin Pointer will pop up suggesting that you use the Text tab instead or use the Custom HTML widget.

How Do I Update to WordPress 4.8.1?

If you are one of our clients, you needn’t do anything; we have already upgraded you to WordPress version 4.8.1. Continue to log in to your website as you normally do and start enjoying the benefits straight away.

If you are not sure what version of WordPress your site is using, you can easily check by going to the WordPress dashboard in the content management system and looking in the ‘At a Glance’ panel.

Basic Image Editing in WordPress

One of the things many WordPress beginners often wonder about is if it is possible to edit an image after it has been inserted into a post or page. Yes, WordPress users may do some simple image editing and also edit image properties once the image is already uploaded.

Here’s how this can be done:

Organizing Website Content in Pages and Posts

Keeping your website content organized matters a great deal in terms of:

  • how it affects user experience, and
  • in improving your search engine rankings.

A well-organized site helps your site visitors to navigate the website quickly and easily and find the information they need. This gives a positive impression especially to people who visit your site who have very short attention spans and expect to be able to access information at the click of a mouse.

Key Differences Between WordPress Posts and Pages

One of the things that many beginners find really confusing when creating new content for their website is in using WordPress posts and pages.

Posts and pages are two different ways you can publish content on WordPress. They seem to look the same on the website, but both content types function very differently.
