12.7 C
New York
Friday, September 30, 2022
Eduma Premium Education WordPress Theme

Weekly News: WordPress Security Just Leveled-Up

WordPress Security Just Leveled-Up

The runaway popularity of WordPress and the open source nature of the WordPress ecosystem has made it an intense target of hackers. Security has long been a major issue with WordPress. That may have changed recently when the commercial arm of WordPress recently acquired a security company which may help internalize security and reduce hacking incidents.

Third Party Plugin and Theme Developer Vulnerabilities

Common vulnerabilities like Cross Site Scripting (XSS) and WordPress API exploits happen because of sloppy coding practices from third party developers in the WordPress ecosystem.

The two most common points of failure are when software coders fail to sanitize what is being input or uploaded to a WordPress installation. 

WordPress Security Company Acquired by WordPress

Jetpack, a division of the commercial arm of WordPress, Automattic, announced that it is acquiring the popular WPScan WordPress security suite company. WPScan provides resources that enable the WordPress and WordPress security ecosystem to fight back against security issues quickly. Jetpack is a suite of WordPress tools that also includes a security component.

WordPress security is an important area for WordPress because it’s what competitors cite as a weakness in WordPress. So on that level it makes sense for Jetpack to acquire a company with a proactive stance on WordPress security.

Why WPScan is Important

wpscan

WPScan is a database of vulnerabilities.

WPScan also provides:

An API for accessing the database

WPScan Security Scanner, a Command Line Interface (CLI) scanner

A WordPress security plugin

WPScan Database

WPScan is first and foremost an openly available database that records WordPress vulnerabilities and makes the information available via an API.

The information about WordPress vulnerabilities is hand curated by WPScan and contributors.

WPScan WordPress Security Scanner

WPScan also provides WPScan WordPress Security Scanner, which is a Command Line Interface scanner that is free for non-commercial use for scanning a website for vulnerabilities that are recorded in the WPScan database.

WPScan WordPress Plugin

Lastly, WPScan offers a free plugin that scans a website to determine if the WordPress installation itself and/or installed themes and plugins have vulnerabilities. The plugin uses the WPScan database API to check for vulnerabilities. The daily scan is said to fall within the free tier of API usage.

Read more:  Weekly News: Bing’s Ethical Shopping hub expands to U.S., Canada

Why Did Jetpack acquire WPScan?

Jetpack’s stated reason for acquiring WPScan is to open up the data even more and to continue it as a resource for the entire WordPress ecosystem.

WordPress Security Will Improve

The founders of WPScan are going to work for Automattic as part of the deal that culminated in the acquisition.

Source: WordPress Security Just Leveled-Up

Google is hiring a Search Quality Analyst to fight search spam

Google is hiring a new Search Quality Analyst who would work on fighting spam in the Google Search results. A new job posting by Google is currently accepting applications, the job seems to require you to be available to work on-site at the Mountain View, California office.

google spam fighter

Job details. The job description defines the job of a Search Quality Analyst as someone who “will be working to measure and prevent inorganic user behavior through enforcement and development of our webmaster guidelines.” It also requires you to “support search ranking launches through qualitative and quantitative analyses.” As a Search Quality Analyst, Google said, “you will solve problems across data sets, with the power of Google’s technology to identify issues occurring in Google Search and related product areas.”

Make a difference. Google said this job will make a difference and have a “direct impact on users every day.” Plus you will get to work “closely with engineers and other analysts to launch algorithms and lead efforts that improve the overall search experience.” In short, you get to understand the search ranking algorithms in a deeper way and actually work on overall search quality.

Responsibilities. Google lists out these are the core responsibilities of the job:

  • Prevent abuse of Google Search by analyzing search trends, identifying inorganic activity, and developing solutions.
  • Solve analytical problems and apply analytical methods as needed within datasets.
  • Engage cross-functionally with a wide variety of people and teams. Work closely with Engineers and Analysts to lead the development of long-lasting solutions.
  • Prepare and present recommendations to multiple levels of stakeholders.
Read more:  Weekly News: Google confirmed an indexing issue affecting a large number of sites

Qualifications. Here is a listing of all the qualifications to apply for this job:

Minimum qualifications:

  • Bachelor’s degree or equivalent practical experience.
  • Experience working with one or more of the following languages: SQL, HTML, PHP, JavaScript, Python, Go and/or C++.
  • Experience in data analysis, or working as a data scientist, abuse analyst, or law enforcement investigator.
  • Experience managing projects and defining project scope, goals, and deliverables.

Preferred qualifications:

  • Master’s degree in a quantitative discipline.
  • Experience in Search Engine Optimization (SEO) or experience as a webmaster.
  • Excellent written and verbal communication skills.

Source: Google is hiring a Search Quality Analyst to fight search spam

Is Domain Name a Google Ranking Factor?

The Claim: Domain Name as a Ranking Factor

You’ve probably heard a client or someone in SEO say something like: “Exact match domains generate instant credibility.”

“It’s the best investment you could make.”

“It gives you a competitive edge.”

It was true — back in the day. The Hotels.com domain sold for $11 million in 2003, making it one of the most expensive domain name purchases of all time.

Domain Name as a Ranking Factor: The Evidence

There’s a lot of chatter online about domain names and their impact on rankings.

Does Domain Name Affect Ranking?

In 2011, Bill Slawski investigated Google’s exact match domain patent and uncovered insightful nuggets of information.

He theorized that it is possible that keywords in domains work better, according to the patent.

How Important is Exact Match Domain Name?

The fact is, exact match domain names were always gray hat feeding into the black hat world. Exact match domains are pure baloney from a ranking factors standpoint.

Domain Name as a Ranking Signal: Our Verdict

While there are exceptions to every rule, you want to properly evaluate your goals for the domain when it comes to your domain name.

Speaking of exceptions, there is one here with our verdict: and that is when it comes to pure navigational searches.

For example, if someone searches for a domain (e.g., Facebook), they are specifically looking to navigate to that domain (eg., www.facebook.com), via a Google search (vs. typing in the URL or opening the site via a bookmark). In that case, the fact that Facebook is Facebook will help Facebook rank for that query.

Read more:  Weekly News: Rank Math Integrates IndexNow for WordPress Sites

Source: Is Domain Name a Google Ranking Factor?

Buying fake Justin Bieber tickets could see your phone infected with malware

Scammers are increasingly leveraging call centers to carry out cyberattacks and infect their victims with malware after first roping them in by using PayPal invoices and even tickets to Justin Bieber’s upcoming 2022 world tour as lures, experts have warned.

According to a new report from Proofpoint, the firm’s security researchers have observed an increase in attacks that rely on victims to call scammers directly and initiate the interaction after receiving an email with their phone number. 

However, there are two types of these attacks, with one using free remote assistance software to steal money while the other, which is frequently associated with BazaCall, uses the BazaLoader malware disguised as a document to compromise a victim’s computer and gain access to their online accounts.

Source: Buying fake Justin Bieber tickets could see your phone infected with malware

Microsoft Teams is finally getting the update you’ve all been waiting for

microsoft teams

Working together with others outside your organization in Microsoft Teams will soon be possible thanks to a new update to Microsoft’s online collaboration tool.

Working together with others outside your organization in Microsoft Teams will soon be possible thanks to a new update to Microsoft’s online collaboration tool.

Workgroups often extend beyond one’s organization with employees connecting with multiple external stakeholders including customers, vendors and partners. However, up until now, users had to rely on different software or even personal apps to collaborate with them.

Not only does this require employees to use multiple apps which takes longer and can reduce their productivity, it also creates security risks for both workers and their companies.

For this reason, Microsoft is currently working on two updates that leverage Microsoft Teams Connect and the secure access capabilities of Azure Active Directory (Azure AD) to make cross-organizational collaboration easier for businesses.

Source: Microsoft Teams is finally getting the update you’ve all been waiting for

More News:

Facebook Shutting Down Facial Recognition

OptinMonster Vulnerability Affects +1 Million Sites

Google makes it easier to remove images of kids from the search results

Related Articles

Eduma Premium Education WordPress Theme

Latest Articles