It’s time to update WordPress

update-wordpress

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Thank you to the reporters of these issues for practicing responsible security disclosureRahul Pratap Singh and John Blackbourn.

Eleven other bugs were fixed in WordPress 4.9.1. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows based servers.

This post has more information about all of the issues fixed in 4.9.1 if you’d like to learn more.

Spearhead Multimedia clients, as well as all Wordpress users, may contact us to perform the update for you.

Who’s watching you?

ssl-certificate-from-spearhead-multimedia

Sometimes we don’t realize and then don’t remember whom we’ve given access to our Google account in order to set up an account from another vendor.

It’s always a good idea to go to https://myaccount.google.com/permissions while you’re logged in to your Google account and review who has access to your private information.

If you use an Android based phone be careful not to remove access to important apps and make sure you do for the questionable ones.  Not sure about an app?  Google it and see.

Google Gives A Ranking Boost To Secure HTTPS/SSL Sites

google-ssl-https-secure

Google Gives Secure Sites A Ranking Boost

Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a “very lightweight signal” within the overall ranking algorithm. In fact, Google said this carries “less weight than other signals such as high-quality content.” Based on their tests, Google says it has an impact on “fewer than 1% of global queries” but said they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

Google also said based on their tests for the past few months, the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.

As you may remember, at SMX West, Matt Cutts, Google’s head of search spam, said he’d love to make SSL a ranking factor in Google’s algorithm. Well, less than five months after that announcement, and while he is on an extended leave, Google is making it a reality.

SEO Concerns With Going HTTPS

Should you be concerned when switching from your HTTP to HTTPS site for SEO purposes? Not so much. Google has been telling webmasters it is safe to do so for years. But you need to take the proper steps to ensure your traffic doesn’t suffer. That means make sure to communicate to Google that you moved your site from HTTP to HTTPS. Google promises to release more documentation in the future, but for now has provided the following tips:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

Google has also updated Google Webmaster Tools to better handle HTTPS sites and the reporting on them.

One last thing: You will want to make sure to track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools.

Postscript: Google webmaster trends analyst John Mueller is also answering some questions about the change here on Google+.

Spearhead Multimedia offers multiple choices for SSL Certificates.  Get yours here today.

From http://searchengineland.com 

Positive SSL