Tag: WordPress

What is CMS?

A Content Management System (CMS) is a web application that uses a database to create, edit, and store HTML in a manageable way. They have grown in popularity over the years because they have made creating and editing content easier than ever before. Website building is no longer limited to HTML experts, anyone can create a basic site now with a CMS, but when it gets too complex you can hand it off to the pros at Orca.

How Do I Decide Which One to Use?

The top CMS systems are more similar than they are different, but it is still a good idea to take some time to figure out what your business needs are and match them up with the appropriate CMS. Here are a few features to consider when comparing different CMS’s.

Functionality: What are the essential functions you are looking to get out of your website? Will you need more in the future? If you are looking to quickly set up a small site or blog on a friendly interface, WordPress is probably the best option for you, while if you are looking to set up a large-scale ecommerce system with thousands of pages, Drupal may better suit your needs.

Support: What kind of support does the CMS come with? Larger CMS’s tend to have more online support, such as blogs, forums, and videos, so it is definitely something to consider when choosing the right one for you. Here is a list of the big three we support.

1. WordPress
2. Drupal
3. Joomla

Price: Do you have the budget to pay for software licensing? If not, that is ok, there are many free platforms out there, just be cautious of hidden implementation fees and ongoing maintenance costs that some lesser-known platforms may charge.

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.

Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

You can browse the full list of changes on Trac.

WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two week release cadence.

You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Release of WordPress 5.1

Near the end of the month, WordPress 5.1 was released, featuring significant stability and performance enhancements as well as the first of the Site Health mechanisms that are in active development. Most prominent is the new warning for sites running long-outdated versions of PHP.

You can check out the Field Guide for this release for a detailed look at all the new features and improvements. The next release is already in development with plans to improve the Site Health features, PHP compatibility, and a number of other things.

Want to get involved in testing or building WordPress Core? You can install the WordPress Beta Tester plugin, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.

Gutenberg Development Continues

The block editor that is now a part of WordPress core started out as a project named Gutenberg with the lofty goal of creating a whole new site-building experience for all WordPress users. The first phase of Gutenberg resulted in the block editor that was included in WordPress 5.0, but development didn’t stop there – phase 2 of the project is well underway.

This month, one of the initial goals for this phase was reached with all of the core WordPress widgets being converted to blocks – this will go a long way to allowing full sites to be built using blocks, rather than simply post or page content.

Want to get involved in developing Gutenberg? Check out the GitHub repository and join the #core-editor channel in the Making WordPress Slack group.

Block Editor Comes to the Mobile Apps

As Gutenberg development continues, the Mobile team has been working hard to integrate the new block editor into the WordPress mobile apps. Near the end of February, the team shipped a complete integration in the beta versions of the apps – this a significant milestone and a big step towards unifying the mobile and desktop editing experiences.

Both the iOS and Android apps are open for beta testers, so if you would like to experience the block editor on mobile today, then join the beta program.

Want to get involved in developing the WordPress mobile apps? Follow the Mobile team blog, and join the #mobile channel in the Making WordPress Slack group.

WordPress Triage Team Announced

One of the goals for 2019 that Matt Mullenweg (@matt) announced in his State of the Word address last year was to form a team who would work to manage the ever-increasing number of tickets in Trac, the bug tracker that WordPress Core employs.

This team, known as the Triage Team, has been announced. Their work will involve coordinating with component maintainers, release leads, project leadership, contributors, and other WordPress related projects with issue trackers outside of Trac to ensure that everyone is empowered to focus on contributing.

The team was formed based on nominations of volunteers to take part and will be led by Jonathan Desrosiers (@desrosj). The other members of the team are Chris Christoff (@chriscct7), Tammie Lister (@karmatosed), Sergey Biryukov (@sergey), and Sheri Bigelow (@designsimply) – all of whom have a strong track record of contributing to WordPress, have exhibited good triaging practices, and are overall good community members.

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.1.

This content provided by WordPress here.

As always, be sure to backup your site + database before installing this new update.

Call Now Button