Support Team Update for July 24th

Items discussed at today’s #wordpress-sfd meetupMeetup All local/regional gatherings that are officially a part of the WordPress world but are not WordCamps are organized through A meetup is typically a chance for local WordPress users to get together and share new ideas and seek help from one another. Searching for ‘WordPress’ on will help you find options in your area.:

WordPress 4.0 beta2

The second 4.0 betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. is going smoothly. All the media related issues have tickets and is being worked on and the two holdouts are considered minor.

There was a question from the week before if the Alpha/Beta sub-forum shows up in no-replies and all topics; it does.

The handbooks for support

The support handbook really is for moderators and the troubleshooting handbook is for everyone. That doesn’t really explain it clearly but at some time soon the troubleshooting handbook will be linked in the blue welcome box when you visit make/support.

Upgrading plugins will protect you. Honest.

In the recent past a certain popular pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the Plugin Directory or can be cost-based plugin from a third-party had an exploit that permitted Bad People™ to install code and backdoors onto your WordPress installation. If you were not compromised and upgraded the plugin then you were not impacted by this exploit. If you were exploited prior to the patched version of the plugin being released then you have to clean out your installation.

However if you did not upgrade when the update arrived or continued to run the vulnerable version then your installation was a prime target for bots and most likely was compromised as a result of that.

Please keep your plugins, themes and WordPress versions up to date and patched. It can protect you and save you hours of grief down the line.

Speaking of exploits, there appears to be an uptick in XML-RPC brute force attacks. While some hosts may recommend that the users delete that xmlrpc.php file that will likely break things. The best reply to those topics really is “Please speak with your host.” Real firewalls that can rate limit httpHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. requests from attack hosts from ever reaching your installation can be the best way to solve it. Using .htaccess won’t really help as 10,000 404 pages will bring down any host.

The transcript for today’s meetup can be read at this link.