🚨 CRITICAL: CVE-2025-12963 in LazyTasks (WordPress)—all versions. Missing auth on REST API allows unauth’d account takeover & privilege escalation. Disable 'user/role/edit/' endpoint & monitor logs! https://radar.offseq.com/threat/cve-2025-12963-cwe-862-missing-authorization-in-la-b7f1f84a #OffSeq #WordPress #Infosec #CVE202512963

#Question about designing #programmer #portfolio websites, for #freelance job search:
What do people do when they want to give public examples of systems/code they've written?
#Wordpress syntax highlighting plugins are awful. Writing blog posts per sys does allow me to break down my design choices better though.
Public git/github repo(s) I can link to? I don't want my code getting scraped by #AI tho.
Previously I just had a .zip file I gave clients directly who wanted to see my code work.
#Wordpress #Attacks #Exploits #Dummies #Dumbs and all others #Stupid #people
https://blog.odicforcesounds.com/theBestApproach.html
The Magic of CSS in WordPress: Mastering the Cover block to improve readability and design. Learn advanced techniques such as layer overlays, ::before pseudo-elements and background-blend-mode. Focused on WCAG accessibility, text contrast and professional design on mobile. #CSS #WordPress #WebDesign #Accesibilidad #Frontend #ThiếtKếWeb #WordPressTips #CSSMagic #Truyềnbá
https://dev.
From classrooms to contributors. From accessibility to AI. State of the Word 2025 showed how WordPress is growing in every direction. Relive the full event today.
🎥 Watch the replay: https://www.youtube.com/watch?v=U_DF4-23C8Q
How to hack Gutenberg blocks with Style variations and Block variations https://wordpress.tv/2025/12/11/how-to-hack-gutenberg-blocks-with-style-variations-and-block-variations/ #WordPress #wpmisc
#WordPress 6.9 released: More collaboration and AI foundations | heise online https://www.heise.de/news/WordPress-6-9-erschienen-Mehr-Zusammenarbeit-und-KI-Grundlagen-11101303.html #CMS #ContentManagementSystem #ArtificialIntelligence
If you run a WordPress site, you're going to get hammered with login brute force attempts. I see thousands of errors per week trying to access this file in the logs on a not very popular site:
/home/[...]/wp-login.php
I strongly recommend, among other things, hardening your WordPress login via code like this in a .htaccess file in the root directory of your site:
# Allow login only from specific locations
<files wp-login.php>
order deny,allow
allow from [home IP address]
# Some other location
allow from [IP address for another location]
deny from all
</files>
I also do something similar in the wp-admin directory, but applying to everything rather than a specific file:
# Allow access only from specific locations
Order Deny,Allow
Deny from all
allow from [IP address]
# Some other location
allow from [IP address]
You can add as many IP addresses as you like, but I recommend labeling them so you know the ones that may need removing (such as temporary ones while you're traveling).
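The same allow-list in Apache 2.4 syntax, as an added example that is not part of the original post: Order/Allow/Deny are Apache 2.2 directives that 2.4 only honours through mod_access_compat. The addresses are documentation-range placeholders, and the admin-ajax.php exception is an assumption for sites whose themes or plugins call that file from the public front end.

```apache
# ---- .htaccess in the site root (Apache 2.4, mod_authz_core) ----
# Require is only honoured in .htaccess when the server config
# permits it (AllowOverride AuthConfig or All).

# Allow login only from specific locations
<Files "wp-login.php">
    # Home (placeholder address, replace with your own)
    Require ip 203.0.113.10
    # Some other location (placeholder range; CIDR notation is accepted)
    Require ip 198.51.100.0/24
    # Several Require lines are OR-ed together; every other client gets 403.
</Files>

# ---- .htaccess in wp-admin/ ----
# Allow access only from specific locations (applies to the whole directory)
Require ip 203.0.113.10
Require ip 198.51.100.0/24

# Assumption: some front-end features post to wp-admin/admin-ajax.php,
# so visitors outside the allow-list still need to reach that one file.
# Drop this block if nothing on the public site uses it.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

After deploying, request wp-login.php from an address that is not on the list and confirm the server answers 403.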
@arnan No need to imagine, as I have already hosted WordPress sites in the past—& I currently host one now (although it is inactive right now).
It basically comes down to risk & reward. If my sites get attacked via DDoS or receive a spike in traffic, will the defenses hold & my bill go up‽
I am already on the Business plan for @wordpressdotcom for several sites & I can do everything a self hosted #WordPress offsite can do.
However, I do not need all of those functions for every blog.
Planning for 7.0 https://make.wordpress.org/core/2025/12/11/planning-for-7-0/ #WordPress #wpdev
I love how simple building a #WordPress plugin can be. Took less than 15 minutes, and my blog now comes with an #RSL license. Now let's hope this new standard catches on.