Contributor: Paul Gilzow

Session:

For the WPCampus 2019 conference, our organizing team decided that, in lieu of spending money on swag, the WPCampus organization would donate those funds to Free Geek, a non-profit organization in the Portland metro area that focuses on creating digital equity through environmental sustainability. We invited others to donate to the cause. Overall, we raised…

Blog: Vulnerable Plugins report for the week of September 13th, 2019

29 vulnerabilities this week, with 5 needing a fix (with some, possibly,  on the way). The first 3 vulnerabilities in the list are confirmations of possible vulnerabilities from last week. Search Exclude returns as last week’s fix wasn’t sufficient, LMS / VLE plugin LifterLMS has a serious vulnerability, Slimstat analytics returns for the third time […]

Blog: Vulnerable Plugins report for the week of September 6th, 2019

26 vulnerabilities this week, with 7 needing a fix (with some, possibly,  on the way). Formidable Forms appears for the fourth time in a month, so you may wish to look elsewhere. Landing Pages by SwiftCloud is still on the directory (but closed), but the latest commit has deleted everything for unknown security reasons. In […]

Blog: Vulnerable Plugins report for the week of August 30th, 2019

27 vulnerabilities this week, with 4 unfixed, but 1 being worked on. WooCommerce PayU India (PayUmoney – PayUbiz), Instamojo for WooCommerce and DW Mega Menu are all closed and show no sign of a fix – Ovic Addon Toolkit is closed, but is being worked on. It is an arbitrary file deletion vulnerability, so […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 23, 2019

Vulnerable Plugins There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren’t showing as available yet in the public repository.  The most critical this week are a Privilege Escalation vulnerability in WP Front End Profile (fix available), a CSV Injection vulnerability in Import Export WordPress Users (fix […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 16, 2019

Vulnerable Plugins There are eighteen issues this week, with eight unfixed.  The most critical this week is an Arbitrary File Upload vulnerability via Cross-Site Request Forgery vulnerability in the Maintenance plugin. No fix is available as of this publishing date, and the plugin has been closed in the public repository. View this week’s vulnerable plugins […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 9, 2019

Vulnerable Plugins There are eighteen issues this week, with three unfixed.  The most critical this week are Privilege Escalation vulnerabilities via Unauthenticated Option Update vulnerabilities in the Donations, Booking, Learning Courses, and Restaurant Reservations plugins (fixes available for all). View this week’s vulnerable plugins list. Other News I’m back! Huge thank you goes out to […]

Blog: Vulnerable Plugins report for the week of August 2nd, 2019

23 vulnerabilities this week, with 9 unfixed (some are commercial plugins where a change log isn’t easily available, some are dot org plugins that are being worked on – see the notes column for more). View this week’s vulnerable plugins list

Blog: Vulnerable Plugins report for the week of July 26th, 2019

27 vulnerabilities this week (which means so far in July we’ve had 105 issues), with 4 unfixed. It’s a bad week for cache plugins, with WP Super Cache, WP Fastest Cache and Breeze all having fixes. View this week’s vulnerable plugins list. The WPCampus 2019 conference is currently happening! Check out the schedule for lots of […]

Session:

Accessibility is an important topic that drives a lot of what we create and maintain in higher education. Join this panel of accessibility experts to discuss the importance of accessibility and what its impact means for your campus and the world wide web.

Blog: Vulnerable WordPress Plugins Report for the Week of July 12, 2019

Vulnerable Plugins There are twenty nine issues this week, with only one unfixed.  The most critical this week are Authenticated (low privileged user) Arbitrary Options Update vulnerability in the One Click SSL plugin (fix available) and in the WPTF Hybrid Composer plugin (fix available), and multiple critical issues in the File Manager (by mndpsingh287) plugin […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 5, 2019

Vulnerable Plugins There are twenty four issues this week, with five unfixed. The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin and an unfixed Authenticated Remote Code Execution vulnerability in the Newsletter plugin. Both plugins have been closed in the public plugin repository. In addition, there […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 28, 2019

Vulnerable Plugins There are thirty four issues this week, with four unfixed.  The most critical this week is an unfixed Arbitrary Password Reset vulnerability with the Ultimate Members plugin.  Since this is a premium plugin, I do not have access to the source to verify.  According to the disclosure, the vendor has stated the fix […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 21, 2019

Vulnerable Plugins There are twenty issues this week, with three unfixed.  The most critical this week are an Arbitrary Settings Update vulnerability in Real Estate Manager (unfixed), a Cross-Site Request Forgery vulnerability that can lead to an Arbitrary File Upload in LionScripts: IP Blocker Lite (fix available), and a Cross-Site Request Forgery vulnerability that can […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 14, 2019

Vulnerable Plugins There are nineteen issues this week, with five unfixed.  The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and in LionScripts IP Blocker Lite (unfixed, remove immediately) plugins, an Authenticated Arbitrary File Upload vulnerability in Shipping Servientrega Woocommerce (unfixed, remove immediately), and an Authenticated […]

Session:

In this lightning talk, you’ll learn or get a refresher on at least 10 things you can do right now to improve your (or your team’s) writing for the web — from the mechanical to the creative. Even if we know the rules, sometimes we fall into bad habits or, other times, we make mistakes…

Blog: Vulnerable WordPress Plugins Report for the Week of May 31, 2019

Vulnerable Plugins There are sixteen issues this week, with two unfixed.  The most critical this week are a privilege escalation issue in Slick Popups and an Unauthenticated Administrator Creation vulnerability in Convert Plus. Both issues were discovered by WordFence/Defiant. View this week’s vulnerable plugins list.

Session:

Five years ago user experience wasn’t even a phrase in our lexicon, but now you hear it everywhere, and higher ed is finally taking notice. Join us as we talk about the fundamentals of UX design, how it overlaps with your own job duties, and what skill sets can help make you more valuable at…

Blog: Vulnerable WordPress Plugins Report for the Week of May 24, 2019

Vulnerable Plugins There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL which includes: Create administrative users; Post comments on articles bypassing article restrictions and global moderation; Retrieve content of password-protected posts/articles/pages; Retrieve full list of registered users in the platform; Retrieve full list of media, comments, themes […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 17, 2019

Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in Ultimate Member discovered by Sucuri earlier this week. There was also a Local File Inclusion vulnerability disclosed in Photo Gallery by 10Web that does not […]

Session:

Institutions often struggle with silos: different offices and departments that work in different buildings and sometimes different campuses; fragmented budgets and grants that are earmarked specifically for one area; and pockets of information that live in different CMSs and are updated at different frequencies. But what good is all that information if we can’t connect…

Session:

Education at its heart is about sharing information, and those involved in the educational field want to make it easier to obtain information, whether it’s related to coursework or the processes a student needs to schedule classes or graduate.  WordPress is a wonderful tool that makes it easier to share – but these caring professionals…

Session:

I’ve consulted with lots of institutions of higher education. Each was convinced that they were a unique snowflake, and that their challenges could not possibly be understood by any outsider.  In fact, I’ve found there’s remarkable similarity across many (though of course not all) campus teams as they strategize, design, develop, and maintain their web…

Session:

Maintaining, updating, securing, and supporting a WordPress site takes time. If you have multiple installations across—or even within—faculties or departments, this time can add up quick. This workshop will give you the knowledge and fundamentals of how WordPress multisite can help get back some of that time. You’ll learn when—and importantly when not—to use multisite,…

Session:

You’ve made the investment to create an accessible website, but do you know what it takes to keep it accessible? Website accessibility is not a one-and-done activity. It requires discipline to make sure that new and edited content meet accessibility requirements. In this session, we’ll cover: Overview of website accessibility; Writing copy that meets accessibility…

Session:

Combining low cost or free DAM tools and WordPress, scholars, librarians and faculty curate teaching and research collections with robust, searchable metadata. What is the workflow from discovery to presentation? This workflow evolves as institutions build digital collections but don’t necessarily address individual collections or scholarly curation of institutional collections. Using faculty teaching and research collections,…

Session:

A recent brand redesign provided the opportunity to develop resources for our 15 colleges and all of their units for creating usable, accessible, responsive websites in the new brand. Our effort began with the idea that if we build they will come. Then we received support from the top administration and switched gears to enterprise CMS…

Session:

Navigating a large college campus can be daunting for new students, especially for those with a disability. Providing a detailed, accurate, accessible map can help everyone get where they need to go. While the technology to create beautiful, interactive maps has been around for a while – many colleges only include a limited amount of…

Session:

The web has evolved, and now it’s time our themes do the same. WP Rig is an evolution on the tried and true starter theme model: a modern build process and WordPress starter theme bundled together, created to simplify the process of building advanced, accessible, performant, progressive themes. WP Rig does the heavy lifting of…

Session:

Maybe your web presence is locked down like a fortress. You’ve personally vetted every line of code in the source of your core applications and third party addons. Your malware scanner is laser-precise and your firewall has a direct line to INTERPOL where you can livestream the prompt arrest of anyone who attacks your site.…

Session:

If you’ve ever been a Java or C++ programmer, then you probably encountered some pretty strong opinions about object-oriented programming (OOP).  And, if you’ve ever been online, I’m sure you’ve also seen similar strong opinions about the state of PHP and, perhaps, the mental acuity of those who choose to use it.  If you’ve ever…

Session:

Testing on mobile devices (iOS, Android) will be demonstrated with hands-on activities for participants. Mobile versions of websites are covered, some of which are also testable using PCs (laptops). Learn what you can test on your laptop and what needs to be tested on a device. The testing topics will include handling traps, keyboard use,…

Session:

Since 2009, the University of California, Irvine has been using WordPress Multisite to host simple websites on campus. What started out as a basic blogging platform has grown to be a campus-wide service for individuals, small units and programs to quickly create a website. Now that the service is a mature platform, we revisit what…

Session:

Do you use Gravity Forms or other web forms to gather lots of data your processing center needs? Do you still send them individual emails from each form submission? Let’s talk about how to automate that data collection using the Gravity Forms API! Even if you don’t use Gravity Forms, you can still gain insight…

Session:

In a campus community of thousands (or tens of thousands!), there are lots of people you don’t know. But some of them do work that overlaps with your web projects in important ways, and they can provide you with valuable feedback. In this lightning talk, we profile five people who are probably on your campus…

Blog: Vulnerable WordPress Plugins Report for the Week of April 26, 2019

Vulnerable Plugins There are nine issues this week, with five unfixed.  The two most critical are an Arbitrary File Upload vulnerability in the WooCommerce Checkout Manager plugin (closed in public repository) and an Authenticated Arbitrary Options Update in Free Adwords Campaigner plugin (also closed in the public repository). You should remove both plugins immediately until […]

Session:

People are infinitely varied and resist change, thus any web project has inherent risk. From small interface options to the core value proposition, any new design or functionality runs the risk of failure. How do you minimize risk and ensure success? The key is to experience “failures” as early test observations rather than project disasters. Test…

Session:

Getting faculty to share the good work they do is challenging. So we challenged them to share the work they do. The 9x9x25 Challenge began in 2013 at a small community college in Arizona. It has since been replicated over the years at several other institutions in various forms. This session tells the story of…

Session:

After deploying code most of us go look at the home page (and other templates) to make sure things are okay. It’s a cumbersome task that, let’s be honest, we probably can do more thoroughly. In this talk, we will look at how to use visual regression testing, which uses a headless browser to compare…

Session:

Redesigning a university website is a hard enough prospect when you think of all the stakeholders, egos, and politics at play. How does strategy ever even have a chance to get off the ground? Joel Goodman and a small team spent the first half of 2018 working with National University to redesign their institutional website.…

Session:

Work on the web long enough, and you’ll eventually need a workflow: a system that allows some users to make certain changes, and other users to review those changes before they’re live for all the world to see. Maybe you even need some automatic notifications along the way. Sounds pretty basic, right? Unfortunately, it’s always…

Session:

We’ve all been there. We kickstart a website service, like a WordPress MultiUser (MU), and provide it to our end users. Glorious days are had, and the web proliferates with easy-to-update, maintained, and university-branded websites. But then comes the dreaded tick-tock of passed time. Site owners leave the institution and lose access to their sites.…

Session:

Custom plugin/theme development for a large institution introduces deployment problems. Oftentimes, we don’t want to publish the code to WordPress.org, because it is not relevant or contains private data, but then we lose the ability to easily install and keep those plugins up-to-date. For one or two sites it’s not a big problem, but at…

Session:

By 2017, 7 billion sets of credentials had been leaked. Through 2018 and now into 2019, we’re nearing 9 billion sets. Everyone, regardless of their job or role, is affected. Those of us in Higher Education are at a distinct risk because we’re of particular interest due to the number of high-valued assets we possess. …

Session:

Already using Advanced Custom Fields? Are you curious about building your own Gutenberg blocks? This session is for you. I will show you the step-by-step process of creating custom Gutenberg blocks using Advanced Custom Fields from start to finish. The session does involve some PHP code, but is tailored to front-end developers. The template-centric…

Session:

Many higher ed publications such as alumni magazines, annual reports, and course catalogues are created for both web and print. Publishing for both web and print often introduces inefficient workflows and frustrations keeping both versions up-to-date as information is updated between the web CMS and InDesign. Learn how WordPress can be extended to serve as…

Session:

When you have a handful of sites, updating plugins and core from the Web GUI, and managing your theme in GIT works.  But what happens when you have dozens if not hundreds of sites? How do you manage changes in an efficient, standard fashion, that minimizes downtime? Enter Composer, a package manager for PHP that…

Session:

Ah, the good old days, when the markup was semantic, developers cared about CSS, and the barrier to entry allowed accessibility experts and developers to work together. This session is nostalgia for the web we lost, part critique of where the web is headed, and part solution an introduction to HAX, an open source block…

Blog: Vulnerable WordPress Plugins Report for the Week of April 5, 2019

Vulnerable Plugins There are twenty-two items on the list this week, with six unfixed. The issue with the most visibility this week by far, was the controversy surrounding the Pipdig Power Pack (P3) plugin.  If you’re not familiar with what happened, I would suggest reading the write-up by WordFence and an extremely thorough write-up by […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 29, 2019

Vulnerable Plugins There are seventeen items on the list this week, with twelve unfixed. View this week’s vulnerable plugins list. Other Security News PuTTY released version 0.71 which addresses multiple security issues. PuTTY is often bundled with other software packages on Windows, so if you work on a Windows machine, double-check your PuTTY client version […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 22, 2019

Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Unauthenticated Arbitrary wp_options import vulnerability in Easy WP SMTP, and the Unauthenticated SQL Injection vulnerability in Better Search both of which have been fixed in their most recent updates. View this week’s vulnerable plugins […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 15, 2019

Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera Forms Pro, and the Privilege Escalation vulnerability in SiteGround Optimizer. Both issues were discovered by Sucuri. View this week’s vulnerable plugins list. Other WordPress Security […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 8, 2019

Vulnerable Plugins There are twenty items on the list this week, with the vast majority of them related to the Freemius framework disclosure that happened last week.  WPVulnDB also has a list of plugins that use Freemius that have been updated. There are three additional plugins in this week’s list that were updated for security […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of February 22 through March 1, 2019

Vulnerable Plugins Seventeen disclosures since last week, with four issues unfixed. View this week’s vulnerable plugins list. We’re likely to see many more plugins updated over the next week as Freemius, a freemium framework used in thousands of plugins and themes, recently patched an authenticated options updated vulnerability. They attempted to give developers some time […]

Blog: Vulnerable WordPress Plugins Report for the Week of February 1, 2019

Vulnerable Plugins Twelve disclosures since last week, with four issues unfixed. The most serious is an Arbitrary File Upload vulnerability in the plugin Slider by 10Web. It appears that the developer is trying to fix the issue, but as of right now (2:00PM CST) it remains unavailable in the public repository. You are encouraged to […]

Session:

“Governance” sounds like work. Like bureaucracy. Like “no”. It doesn’t have to be this way. Governance is most effective when it looks like help and sounds like “yes”. Governance should be empowering, enlightening, supportive of goals, and flexible enough to allow innovation. But where do you start? How do you go from the wild wild…

Session:

You’re using Twitter to communicate with your friends. How can it be used to elevate your institutions’ brand? In this talk I’ll discuss the relationship marketing techniques that I’ve used to elevate brands in the business to business space and relate it to institutional needs. Specifically elevating the brand of the institution, recruiting (students and…

Blog: Vulnerable WordPress Plugins Report for the Week of January 25, 2019

Vulnerable Plugins Three disclosures since last week, with all issues fixed. However, right as I was writing this post, WordFence released a post detailing multiple vulnerabilities in the plugin Total Donations that can lead to a complete site take-over. The plugin appears to be abandoned so there is a high chance it will not be […]

Session:

In the lead-up to WordPress 5.0, potential accessibility barriers in the new Gutenberg editor came under intense scrutiny. Accessibility is particularly important to those of us in higher education, and uncertainty around the accessibility of the editor makes upgrade planning difficult. With this in mind, WPCampus commissioned an accessibility audit of the Gutenberg editor on…

Session:

Gutenberg, the new WordPress editor released with version 5.0, represents a substantial departure from the status quo in WordPress development. Heavy on JavaScript and based around reusable “blocks” of content, developing with Gutenberg involves technologies not typically associated with WordPress like React, Node, and JSX. In this talk, we will cover how the central IT…

Blog: Vulnerable WordPress Plugins Report for the Week of December 14, 2018

Vulnerable Plugins Thirteen disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Other WordPress Security News Version 5.0.1 was released earlier this week and corrects seven issues. If you have not upgraded to version 5.0 yet, fixes for all versions back to 3.7 are available. Other Security News As a […]

Session:

“We are currently looking for the next Rockstars to join our stellar team! All employees must have killer work ethic and offer fanatical customer service.” Job postings, among so many other things, can be unintentionally exclusive. Inclusivity is at the heart of an effective content strategy. Accessible code may be imperative for inclusion, but all…

Session:

This session will describe how WordPress was used as part of a 10-week professional development offering through a provincially accredited (in BC) program for faculty development on the topic media for higher education. Key takeaways include: How WordPress enhances delivery of program as a learning topic; How WordPress enhances delivery of program as part of…

Session:

We all wear a lot of hats as digital web and app professionals. Depending on the client or company you work for, you may have multiple roles and responsibilities. How can we possibly add the digital accessibility hat on top of all that? What accessible pieces should we focus on? What do we do when…

Session:

Web accessibility is a beast! It is one of the most focused on and talked about topics regarding the web. Organizations are aware of it, concerned, and working hard to comply, especially in higher education. Over the past decade many sites have been hit with OCR complaints and other independent parties seeking web conformance. For…

Session:

This creative commons licensed open course “Supporting Students with Disabilities” is designed for all BC postsecondary faculty and staff who interact with students with disabilities, especially in a trades school context. The course is developed in the WordPress platform using the LearnDash and can be delivered in a face-to-face, online self-guided or blended format. The…

Session:

When you embark upon a website redesign effort, one of the most essential (but often most scary) conversations to have is about content. The longer you wait to think about it, the more daunting it can be. And the further you go down a project, the more content decisions you will have already made (whether…

Session:

It’s a simple idea: use WordPress to compose course materials and electronic textbooks. It sounds like it should be easy! This talk will describe the challenges of implementing this idea at a large Australian university, and how it grew from a simple resource-sharing site to enterprise level software used by hundreds of instructors. Takeaways include:…

Session:

This session discusses how WordPress contributed to the success of one university’s venture into the world of Digital Liberal Arts. UNC Asheville; a small, public, liberal arts university, began using WordPress as part of a nine-faculty pilot study two years ago. That small WordPress multisite instance has grown into a full-fledged website creation tool for the…

Session:

Modern sites are complex, with lots of integration points and constant updates. EDU sites aren’t just for show. People rely on these sites every day because they solve business critical problems. This session will introduce the concepts of automated testing so that your QA workflow can keep up with the constant change required of modern…

Session:

The new Gutenberg editor comes with so many great content blocks. However, what if your editors have special use cases for their content that cannot be easily created with Gutenberg’s out-of-the-box blocks? At Georgetown, we have created a series of custom Gutenberg blocks in an effort to address our editors’ unique content needs. This session…

Session:

Every piece of information collected, online or in-person, is building a profile aimed at customizing your experiences. New products, new jobs, new educational options. While it has its benefits, we must consider what this kind of profiling can mean for marginalized groups, whose very existence is reduced down to data points; race, gender, age.  It’s…

Session:

Imperial College London (School of Medicine) was one of the first higher ed institutions in the UK to provide all undergraduate students with Apple iPads to support their learning and Apple iBook software is used to deliver module handbooks to all year groups. Following informal feedback of the student and staff experience of the iBook software,…

Session:

Having a central webhosting service on our campus that serves hundreds of WordPress sites, we’ve seen our fair share of website compromises and would love to share what we’ve learned about WordPress security. This talk will cover why and how your site is likely to be hacked, and what to do about it if the…

Session:

Let your users choose how they want to consume your content by giving them the option to have the content read to them out loud or translated into another language for audio or video consumption. Do your eyes ever get tired of small grey font on cream backgrounds and wish you could just have the…

Session:

Websites for colleges and universities need to be accessible for all kinds of people. However, some web developers, designers, and project managers can feel intimidated by the need to remediate sites that are currently inaccessible or plan for and maintain accessible sites in the future. This presentation will focus on a banner which appears on…

Blog: Vulnerable WordPress Plugins Report for the Week of December 7, 2018

Vulnerable Plugins Fifteen disclosures since last week, with zero issues unfixed. View this week’s vulnerable plugins list. Four issues are critical and should be updated immediately: Redirection for versions 3.6.2 and earlier has a potential remote code execution vulnerability; Toolset Type for versions 2.3.3 and earlier has a privilege escalation vulnerability; WooCommerce for versions 3.4.5 […]

Blog: Vulnerable WordPress Plugins Report for the Week of November 9, 2018

Vulnerable Plugins Eleven disclosures since last week, with three issues unfixed, one unknown. View this week’s vulnerable plugins list. Far and away the most serious issue this last week was a combined set of vulnerabilities in the WP GDPR Compliance plugin that could allow attackers to add themselves to a site as an administrator and/or install […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of October 6 through October 19, 2018

Vulnerable Plugins There were ten disclosures over the last two weeks, with three issues unfixed. The most serious is an arbitrary file upload vulnerability in the csv2wpec-coupon plugin, which is related to the recently disclosed vulnerability in the Blueimp JQuery File Upload Plugin package. However, there are less than 10 sites with the csv2wpec-coupon so it’s unlikely […]

Blog: Vulnerable WordPress Plugins Report for the Week of October 5, 2018

Vulnerable Plugins Seven disclosures since last week, with four issues unfixed. View this week’s vulnerable plugins list. Other WordPress News Earlier this week, the WordPress core team announced the release date for WordPress version 5.0: November 19, 2018. This means the 4.9.9 release has been shelved unless the core team is unable to release 5.0 before the […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 28, 2018

Vulnerable Plugins Eight disclosures since last week, with two issues unfixed, and two unknown. View this week’s vulnerable plugins list. Other WordPress Security News There were several reports this week that the United Nations’ WordPress site was leaking “thousands or resumes” (The Register has since updated their story after I contacted them). As it turns out, […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 21, 2018

Vulnerable Plugins Ten disclosures since last week, with four issues unfixed, the most serious being an Authenticated Arbitrary File Upload vulnerability in Advanced Contact form 7 DB. View this week’s vulnerable plugins list. Other Security News Specifics of the Remote Code Execution vulnerability in Moodle were disclosed earlier this week. The disclosure includes Proof-of-Concept code so […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 31, 2018

Vulnerable Plugins Nine disclosures since last week, with four issues unfixed. Additionally, Ninja Forms has released version 3.3.14 which addresses the CSV Injection vulnerability disclosed last week. View this week’s vulnerable plugins list. Other Security News Joomla! released version 3.8.12 which addressed three security issues: potential file upload vulnerability, stored cross-site scripting vulnerability, and an ACL Violation in custom […]

Blog: Vulnerable WordPress Plugins Report for the Week of August 24, 2018

Vulnerable Plugins Five disclosures since last week, with four issues unfixed, the most serious being an unfixed CSV Injection vulnerability in Ninja Forms. View this week’s vulnerable plugins list. Other Security News phpMyAdmin released a patch earlier this week that addresses an authenticated, stored cross-site scripting issue.  Similarly, the Apache Foundation released a critical patch earlier […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of July 27 through August 10, 2018

Vulnerable Plugins Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been patched with version 2.0.23. View this week’s vulnerable plugins list. An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 26, 2018

Vulnerable Plugins Four disclosures since last week, with one issue unfixed, one unsure but assumed unfixed. View this week’s vulnerable plugins list. Yes, I know it’s not Friday, but I’ll be out of town tomorrow and wanted to go ahead and get the report out. I’ll also be out of town next Friday as well […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of July 9 through July 20, 2018

Vulnerable Plugins Eight disclosures over the last two weeks, with five issues unfixed, one critical. An authenticated arbitrary file upload vulnerability has been identified in the MapSVGLite plugin that remains unfixed. You should remove the plugin as soon as possible until the issue has been resolved. View this week’s vulnerable plugins list. Other WordPress News The […]

Blog: Vulnerable WordPress Plugins Report for the Weeks of June 22 through July 8, 2018

Vulnerable Plugins Ten disclosures over the last two weeks, with three issues unfixed. View this week’s vulnerable plugins list. Other WordPress Security News The big news last week and into this week was the disclosure of an unpatched arbitrary file deletion vulnerability in WordPress core. Luckily, the vulnerability required a user to have the ability to […]

Blog: PSA: Arbitrary File Deletion vulnerability in all current versions of WordPress

Update 20180705: version 4.9.7 has been released and addresses the issue below.  RipsTech (static analysis for PHP) yesterday disclosed an arbitrary file deletion vulnerability in all versions of WordPress.  The vulnerability requires a role of Author or greater in order to exploit.  The exploit allows an authenticated user to delete any file on the server that […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 22, 2018

Vulnerable Plugins Six disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Other Security News Including this one only because I never imagined someone being held at gunpoint to steal a domain name Sherman Hopkins, Jr., 43, from Cedar Rapids, Iowa, broke into the victim’s house, held the victim at […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 15, 2018

Vulnerable Plugins Ten disclosures since last week, with two issues unfixed. View this week’s vulnerable plugins list. Other Security Came across a fun little security testing playground.  Allows you to spin up multiple vulnerable applications to practice security concepts and exploits and provide first-hand experience.  Each one has an explanation of the vulnerabilities in the […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 7, 2018

Vulnerable Plugins Seventeen disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Other WordPress Security Defiant released a whitepaper earlier this week covering a new WordPress malware they’ve been tracking and have dubbed “BabaYaga”. Ryan Dewhurst (@ethicalhack3r and contributor to WPScan) released a report covering how many sites of the […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 1, 2018

Vulnerable Plugins Ten disclosures since last week, with five issues unfixed. View this week’s vulnerable plugins list. Other Security News As I mentioned last week, a new malware, dubbed VPNFilter, was discovered to be targeting home/SOHO network devices.  The FBI has released an advisory recommending all owners of routers (which is just about everyone with […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 25, 2018

Vulnerable Plugins Six disclosures since last week, with three issues still unfixed. View this week’s vulnerable plugins list. WordPress Security News WordFence released an interesting report on Tuesday that showcased an attack whereby hackers used compromised WordPress.com sites to install backdoor plugins on self-hosted WordPress sites via jetpack’s remote management capabilities. If you use a […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 18, 2018

Vulnerable Plugins Eleven disclosures since last week, with one critical unfixed. KingComposer has an Arbitrary File Upload vulnerability in its current version. You should remove the plugin until the author has fixed the issue. View this week’s vulnerable plugins list. Other WordPress News Version 4.9.6 of WordPress was released yesterday.  While many (myself included) assumed this was […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 11, 2018

Vulnerable Plugins Three disclosures since last week, with all three issues unfixed.  WP Google Drive has not been updated in six years and should be replaced, if you haven’t already. View this week’s vulnerable plugins list. Other WordPress News The release candidate for version 4.9.6 is now available.  The tentative official release date has been moved […]

Blog: Vulnerable WordPress Plugins Report for the Week of May 4, 2018

Vulnerable Plugins Two disclosures since last week, with zero issues unfixed. View this week’s vulnerable plugins list. Other WordPress News Version 4.9.6 is now in beta, with a tentative official release date of May 15th.  4.9.6 contains 10 bug fixes, and 34 features/enhancements, most of which revolve around privacy and personal data tools to assist […]

Blog: Vulnerable WordPress Plugins Report for the Week of April 27, 2018

Vulnerable Plugins Twelve disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Other Security News Cross-Site Request Forgery vulnerability disclosed in phpMyAdmin 4.8.0 and earlier TPLink Router TLWR740N Remote Code Execution vulnerability disclosed Unvalidated Redirect in Shibboleth component of Blackboard Learn  

Session:

I’m sure you’ve read at least one “Guide to WordPress Security” or “Top Ten Tips to Keep Your WordPress Site Safe” articles. Maybe you even implemented a few, or all, of the suggestions.  But did you understand why certain items were suggested, or what exactly they accomplished?  In this session will discuss the most common…

Session:

When we talk about design and the web, for some reason we don’t believe we can have our beautiful cake and access it too. Sometimes, the idea of accessibility seems like a bucket of water on a campfire—not the kind of sizzle we want for our website. And yet I tell you, there’s hope.…

Session:

WordPress slices, it dices, it makes julienned fries—but what’s the best plugin for each of those things while complying with the accessibility, branding and hosting requirements of higher ed? In this session, we’ll run down the plugins most commonly used in higher ed, as well as the ones developed (or forked) in-house and open sourced…

Session:

Managing 600 single site installs is about as much fun as it sounds. At Carleton University our CMS and Framework service allows departments, faculty members (and sometimes students) to create and manage their own content. We’ll take a look at the history and evolution of our service, our network architecture, and the processes and tools…

Session:

Preparing to release a new update to your website or app? This lightning talk will discuss how to prepare all stakeholders as launch day approaches.

Session:

Thoughts on managing large multisites with thousands of users, and only one theme.

Blog: Vulnerable WordPress Plugins Report for the Week of April 13, 2018

Vulnerable Plugins Nine disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Apologies for not getting this report out on Friday. I had other issues pop up that required my attention and didn’t leave me with enough time to complete the report on Friday.  Speaking of which, my responsibilities at […]

Session:

Kubernetes exploded in popularity during 2017 and for good reasons. Kubernetes is open-source software that can help you efficiently manage applications in containers. It could be a silver bullet your department is looking for if you are trying to automate tasks across a variety of different applications while growing release velocity and service resilience. Kubernetes…

Session:

In spring 2017, the team at Pressbooks began work on an Open Publishing Infrastructure project with funding from Ryerson University. Our goals were to build a full-content REST API for Pressbooks and use it to power a new feature for users and institutions creating Open Educational Resources: the ability to clone openly-licensed books for reuse…

Session:

They say that content is king, but the crown can weigh heavily on a troubled brow. How does a content strategist, charged with overseeing dozens if not hundreds of sites, do so without abdicating the throne? In this session, I suggest a different approach – content strategist as the trusted companion. Through training, education, guidance,…

Session:

Custom post types are an essential part of the WordPress toolbox. These add-ons make updates easier for content managers, provide databases that help with content delivery and simply just allows for easy customization. These always represent a specific content type, but how much content modeling is actually done before the website development begins. Whether approaching…

Session:

Over the last five years at Washington State University, we have built a single multi-network WordPress Multisite installation into the university’s primary content management system. All six campus locations, 11 colleges and hundreds of departments between have at least some presence on WordPress. In this talk I’ll cover assumptions I had when starting in higher…

Session:

This workshop will help higher education teams prepare for Gutenberg by better understanding the fundamentals of how the new editor’s block system works through this hands-on workshop where attendees will build their very own custom blocks. Attendees will learn how they can take advantage of the power of Gutenberg to create better editing experiences while…

Session:

If you’re in higher education, you need a content strategy. Period. Your organization is much more than lecture halls and a beautiful campus. It’s all that, plus online learning, remote students, social media engagement, competition with for-profits and MOOC (massively open online courses), and an audience that is beginning to question the value of a…

Session:

Higher-education and research are synonymous: educating the next genius and engineering the future. However, the two areas in universities are, in many campuses, leagues apart in how they create, consume, and distribute web applications. Research utilizing web applications, from custom PHP applications to content management system customizations and plugins, are commonly built as stand-alone, narrow…

Session:

Accessibility can be difficult to approach as an organization. It is a complicated topic, and it is difficult to know where to begin, and it is hard to know when you’ve sufficiently met the requirements. But accessibility complaints are prevalent, and educational institutions need to build online experiences that don’t leave students behind to…

Session:

In this session I will share how I harnessed the power of WordPress to create a successful unique multipurpose student recruitment blog for the Art Department at my university. I will start by exploring the genesis of the idea for the blog and then speak to the blog’s design and development. I will discuss blogger…

Session:

Developers who love to write documentation are pretty rare. But, documentation is a critically necessary evil throughout a website’s life – from initial development through to ongoing support and enhancements. How much documentation is too much? Not enough? As developers, how can we produce meaningful documentation that supports our code and sets it up for…

Session:

A few years ago, everyone had to overhaul all of their websites to become ‘responsive’ and now we’re overhauling everything to be ‘accessible’. As we plan for Gutenberg and GDPR, we have to ask ourselves: What are the next big changes up ahead and how do we better anticipate them to get prepared before the…

Session:

“Governance” sounds like work. Like bureaucracy. Like “no.” It doesn’t have to be this way. Governance is most effective when it looks like help and sounds like “yes.” Governance should be empowering, enlightening, supportive of goals and flexible enough to allow innovation. But where do you start? How do you go from the wild wild…

Session:

Do you get nervous when thinking about speaking to a group of people?  Public speaking can be very rewarding, but the desire doesn’t come naturally. The good news is that YOU have something important to contribute, and you don’t have to be an expert. All non-technical and underrepresented people have unique stories to tell that…

Session:

When our institution decided it was time to switch our primary CMS to WordPress it was also decided to make the jump to a containerized environment. Join me as I demonstrate how Adams State University has made a quantum shift on how we manage WordPress using Docker and GitLab’s continuous integration tools. I’ll share lessons…

Session:

“Should this be a post or a page?” “How many tags should we have?” These may sound like old-hat questions to people who work with WordPress every day, but they are often fresh questions without clear answers for faculty working on collaborative, course-based WordPress sites. Academic projects bring varieties of information architectures, and each faculty…

Session:

Relying on students to run your WordPress multisite sounds scary, but it doesn’t have to be.  NYU Web Publishing is a tool and a service which empowers faculty, students and staff to create their own websites, and student workers have helped us scale to more than 10,000 user created sites.  Learn how NYU created an…

Blog: Vulnerable WordPress Plugins Report for the Week of April 6, 2018

Vulnerable Plugins Three disclosures since last week, with one issue unfixed. View this week’s vulnerable plugins list. Other WordPress News As previously mentioned, v4.9.5 was released on April 3rd.  While it was originally announced as a maintenance release, it does contain three security fixes.   If you haven’t already, you should get the 4.9.5 update into […]

Session:

Change is hard! Especially when a service team is asking hundreds of individuals and departments to totally reconfigure how they’re adding, updating and maintaining content on their websites—all while transforming their own processes, workflows and underlying infrastructure and technologies. That’s exactly what happened to us during our OpenText to WordPress migration. We will walk through…

Session:

TEL Library is a public, non-profit learning library dedicated to building a scalable and sustainable library of openly licensed, free, and affordable content solutions. We also re-package and re-use that content to offer curriculum solutions (courses, media books, etc.) that enable our partners to offer affordable education. Two things make this possible: Our content design…

Session:

Do you want to do development on multiple sites with different setups concurrently, but do not have to update core in each install every time a new version is released? Are you developing for a single site environment, but do not want to spin up a new development server for every site so you do…

Session:

OU Create is a Domain of One’s Own initiative in which any faculty, staff member or student at the University of Oklahoma can sign up for a free domain and web hosting. We now have more than 4,000 users, but creating a community is an ongoing challenge. In this presentation, I will detail the design…

Session:

Combining the power of WordPress with the logistical advantages of the Learning Management System (LMS) is an ideal way to facilitate dynamic learning experiences for your students. Whether you want to host a class blog, publish an open textbook or utilize WordPress plugins within the LMS, you can integrate these tools into your course design…

Session:

No matter how users get to your sites, they deserve an inclusive, accessible experience. A main navigation component built with accessibility in mind goes a long way towards this goal. Fortunately, WordPress leaves the implementation of accessibility best practices up to theme and plugin developers. This means that by carefully thinking about how to build…

Session:

It’s OK to day dream. Our minds need to play. We need to wonder; we need to wander. In a day where we’re on sensory overload, it’s important for our brains to take a break—in both our personal and professional lives—otherwise, we burn out. In this inspirational session, we’ll take a mental road trip of…

Session:

While WordPress has a substantial presence in higher education, it’s not the only game in town. Most colleges and universities have multiple content management platforms in play across campus: used by different schools, departments, research centers, labs, facilities, libraries, athletics, alumni and admissions. Even some smaller colleges, in my experience, end up with 3-4 different…

Session:

Constant code refactoring, missed deadlines and exploding costs are some of the consequences of bad code quality. In this talk I will try to convince you that good code quality, whether you are a one-man shop or a full-fledged development team, will help you to become truly Agile, honor deadlines and will improve the general…

Session:

Most traditional colleges and universities fear one thing: melt. After a prospective student becomes an accepted student, how do you successfully keep that individual connected and excited about joining your campus community? Institutions have tried everything: a nagging email cadence, digital games and contests, Facebook groups and stacks of paper mailers and postcards. Yet, it…

Session:

The problem: everyone on campus has a stake in your website. Certain departments want things structured their own way. Every office expects prospective students to intuitively understand the lingo and hierarchy of the institution. But let’s be honest: the data shows prospective students and their parents often search to find what they need (or give…

Session:

You have been asked to lead a WordPress project or team and expectations are high—your institution demands a first-class user experience with the utmost professionalism. And yet, financial and human resources constraints abound, presenting significant management challenges. How can you exceed expectations with a fraction of the budget and team size of a typical agency…

Session:

For a number of years, our department’s WordPress network, intended primarily for classroom use by faculty and students, was underused thanks in part to policies that prioritized security and risk-aversion over usability. In the fall of 2015, I worked with colleagues in academic technology and IT to develop a maintenance and communication plan that meets…

Session:

A local development server has become essential to working with WordPress. There are many different options for users such as MAMP/WAMP, Vagrant/VVV, Homestead, Docker, etc. Over the last year while working on the Web Development team at Lorain County Community College, I have found Vagrant or VVV (Varying Vagrant Vagrants) is a streamlined tool that…

Session:

One of the biggest web problems we have in higher education is the number of cooks in the kitchen. We’ve got SMEs and HIPPOs and the immeasurable plethora of “non web” people making changes to web content throughout the institution. Since there are as many ways to do things as there are people to do…

Session:

The web created the first universal publishing platform but schools, of all levels, are still having students submit paper or “electronic documents” for grading and review. Academic work lives in private, closed systems, never exposing students to the opportunity of external feedback. This session will propose a different approach. We require incoming college freshmen to…

Session:

Accessibility. a11y. You keep seeing these terms. You have a rough idea of what they mean but aren’t quite sure if they apply to your sites. They absolutely do. In this session, we’ll discuss the current state of accessibility in WordPress Core, and what the WordPress Accessibility Team is doing to ensure that WordPress not…

Session:

A single WordPress can push hundreds of millions of pageviews a month; it can serve tens of thousands of concurrent logged-in users; and it can be lightning-fast the whole time. It is known. The question is not whether WordPress itself can scale, but whether or not your implementation is ready. This session will cover: Page…

Session:

Learn to think of WordPress as an interface between you, a database and the visitor in this two-part workshop: Take control of WordPress with Child Themes — build a child theme in 45 minutes and learn how to make WordPress look and behave the way you want. Unleash the power of custom content — create custom post…

Session:

Has your institution tried an ePortfolio solution that didn’t meet your needs? You’re not alone. Come to this session to learn how we leveraged NYU’s existing university-wide Web Publishing service, powered by WordPress, and how we integrated a scalable solution using templates to fill this need. The use cases that led to this solution focused…

Session:

This one’s for everybody! In this talk, we’ll cover the organizational and technical benefits of running a multi-network, multi-site WordPress as the primary CMS at Boston University. We’ll highlight specific strategies, including organizational policies, development workflows and team structure that allow us to serve over a million users per month. We’re here to help dispel…

Session:

You’ve built a shiny, new WordPress site. You asked your co-worker and your boss if they like it and they both do. However, you’re lying awake at night wondering if you’re missing something—because you know you’re not the end user. You yearn for actionable feedback. In this talk, I’ll distill my background in usability research…

Session:

At USFSM, we have quit printing catalogs for students. We now run our catalogs as sites in our WordPress multisite setup. In this session, we’ll focus on why we changed formats, how the catalog is assembled, the success we’ve found, and the lessons learned.

Session:

Out of the box, WordPress provides a handful of user roles, from Subscriber to Administrator, each with an increasing level of access to manage content and settings on the site. While these roles provide a great starting point for many WordPress sites, they don’t offer the granularity one expects in a large organization with complex…

Session:

We’ll take a deep dive into secure WordPress development. We’ll go far beyond nonces and WordPress functions, and will look into what can go wrong at a lower level if poor security practices are used during WordPress development.

Session:

If you have ever had to choose a theme, and then had to build it out- then suddenly realized it would take 3 days just to figure it out- then this is for you. Don’t spend all your time learning new wheels- get a framework and learn it DEEPLY. Frameworks are going to be your…

Session:

Higher education should be accessible for all users, and making your website accessible does not have to be overwhelming. This session will provide a general overview of Section 508 and W3C WCAG 2.0 guidelines and the tools and resources needed to help make your site accessible.

Session:

Part feel-good, part practical, this presentation looks into the art and science of storytelling. First, we’ll cover why we, as humans, crave narrative. We’ll explore effective campaigns that span mediums and industries—not just the web and not just higher ed. After covering the science of stories and enjoying examples together, we’ll dive into the art…

Session:

Managing hundreds of WordPress installs across development, staging and production environments can be a tricky business. In this session, I will show you the evolution of our process to automate the management of more than 350 installations. With this process and the tools we implement, we handle updating, syncing content and managing code between several…

Session:

We work for the Center for Digital Research and Scholarship (CDRS) where we partner with a number of scholarly journals published out of Columbia University to produce the journal’s online component. This lightning talk will share the work we’ve done to customize WordPress using in-house themes and plugins to allow the setup and editing of…

Session:

Site Setup Wizard is a WordPress plugin that allows extending wp-signup.php with additional features such as selecting site’s privacy, site type, plugins to be activated, etc. before creating a site. It helps develop a workflow for students and faculty to select different options while creating a site based on their user role. It also takes…

Session:

You don’t know it yet, but documentation is pretty amazing. Channel your inner educator and get inspired! We’ll talk about the different ways developers and end users try to solve problems, where they look to find information and how you can get ahead of those needs by putting your recommendations in the right places. Documentation…

Session:

WordPress is an awesome content management system, this is known. But sharing content between sites — such as those for different colleges or programs at the same university — hasn’t always been easy. In this talk, you will learn practical ways to share content between various WordPress sites — in the same multi-site installation or totally different…

Session:

Getting started with WordPress is easy — unless you got started a long time ago in some other CMS, or Dreamweaver or even (shudder) FrontPage. But you and WordPress can still have a happy relationship despite your baggage! In this session, I’ll show you how to import almost anything into WordPress. I’ll share examples from…

Session:

Today’s college faculty often finds itself overwhelmed, even confused, with the various options placed before them for storing and managing their digital “stuff”. This is especially true in the Community College setting where a majority of our faculty are part-time adjuncts. Our adjuncts often face greater time constraints and outside demands limiting their ability to…

Session:

In November of 2015, University of Colorado shared the result of a 132 university CMS survey. WordPress was overwhelmingly the CMS of choice for secondary properties, and the second place winner for primary university domains. Stats like these are amazing and encouraging to see. Brass tacks though, seeing is believing. I have consistently found that…

Session:

Hello! Hola! Bonjour! Does your institution serve students that speak different languages? If so, maybe your website should too! In this session we’ll compare different solutions for publishing content in multiple languages using WordPress, and what impact having a multilingual site could have on your site’s content and design. In this session, we’ll cover: Terminology…

Session:

Did you know that running multiple instances of WordPress on a single server doesn’t actually require multiple instances of the codebase? In fact, as of WordPress 3.9, you don’t even need multiple instances of a plugin or a theme! Multitenancy can eliminate massive maintenance overhead in the right situations, think server-wide, near-instant updates that let…

Session:

JavaScript is a powerful language that you can use to do simple UI things like animation to building complex multi view single page applications. I want to focus on a small piece of functionality that you may need built. Whether it is a complex form, a UI piece to help with engagement, or something else…

Session:

I believe people of any skill and access level can make a positive impact on a website. One aspect that seems often underlooked in higher education is SEO, whether it’s due to lack of budget, lack of knowledge, or the classic decentralized structure that lends itself to overlooking site-wide initiatives. In this session, I’ll share…

Session:

Google’s recent Transparency Report shows that nearly half a million websites are now hosting malware, an increase of 160 percent from this time last year. Higher education websites are particularly attractive to attackers, offering access to large amounts of bandwidth and broad network space. In this session, we’ll explore how attackers find vulnerable WordPress sites…

Session:

Marrying the liberal arts to information technology is no easy task. Instructors and technologists alike abhor technology tools that feel shoehorned into a course, to be used more for the sake of being “21st century” than to improve student learning. However, in many courses, WordPress offers a platform that not only transforms learning, but provides…

Session:

BuddyPress is a powerful plugin for WordPress, primarily used for adding “social” elements to sites. It has been a silent success in the higher education space and it’s been long overdue for some quality time in the limelight. This talk will be split into two parts. First we are going to see how some current…

Session:

Anyone involved in WordPress should have a place to play, test plugins, themes, and test their own code. There are tons of options available and setting one up is easier than you think! In this session, we’ll help find an environment that works for you. Desktop server, MAMP, VVV/Vagrant, O/S built-in web server. Bring along…

Session:

In this session, we’ll go under the hood to see how UIC redesigned its campus homepage and created a drag-n-drop, component-based content management with WordPress. UIC’s new campus-level multi-site allows more units to build better sites with strong campus branding, a more consistent user experience, responsive design and accessibility, all at significant cost savings. We’ll…

Session:

We teach web design as part of a full-time arts degree to the University of Toronto at Mississauga students. They learn WordPress as part of their course, but we also use BuddyPress and bbPress for our forums. In addition, we’ve developed some of our own plugins to mark assignments, and provide testers from which our…

Session:

The First Year Experience or Academic Foundations courses are found on campuses everywhere. But really what are students getting out of these courses? This session will explore how one instructor recreated the foundations course to better fit the learning outcomes of 2016 all built on WordPress. From ditching the traditional syllabi, assigning Twitter and Instagram…

Blog: Vulnerable WordPress Plugins Report for the Week of March 30, 2018

Vulnerable Plugins Seven disclosures since last week, with one issue unfixed. View this week’s vulnerable plugins list. Other WordPress News As noted last week, WordPress version 4.9.5 is scheduled for release on April 3rd. Originally, it was to include administrative dashboard call-outs to try-out Gutenberg, but those have now been removed: the Try Gutenberg callout will ultimately not land […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 23, 2018

Vulnerable Plugins Three disclosures since last week, with two issues unfixed. View this week’s vulnerable plugins list. Other WordPress News Version 4.9.5 of WordPress is now in beta and has been scheduled for release on April 3rd. While 4.9.5 will be a maintenance release, it will interestingly include administrative dashboard call-outs to try-out Gutenberg (h/t […]

Session:

Malicious activity is an unfortunate reality when maintaining a web presence today. Most people involved in the web industry know someone who encountered the aftermath of a disruptive attack — if they haven’t themselves. Because of this, awareness of security best practices is at an all-time high. To many, though, it may not be clear…

Session:

When Matt Mullenweg announced in December 2017 that Gutenberg and WordPress 5.0 would be ready in just a few short months, we sat up and took notice. Knowing the landscape of our institution – and higher ed’s proclivity for denying change – we started making plans. From the beginning we were thinking about the full…

Session:

We need to take an extensive look at how we teach web “design” in our schools today. Many institutions still don’t even show a CMS or only focus on the “hard” skills of web creation (HTML, CSS, etc). With the ever increased enrollment in non-traditional four-year universities, we need to give today’s students what they…

Session:

This session serves to answer the most-asked question I get as a developer: “How can I keep my WordPress site secure?” This session will walk you through three major levels of security: server-level, site-level and external. And it’ll explain how they all work together to ensure that your site’s defenses are bolstered against any incoming…

Session:

Achieving WCAG and screen-reader accessibility, for the most part, isn’t too hard—web fonts and robust button formats have removed the need for text-as-image-file graphics, and CSS layouts rescued all of us from inaccessible, table-based presentations. But tab elements, with their semantically-separated button controls and content panels, present a special challenge. In this session, we’ll discuss:…

Session:

During the 2016-2017 academic year, the department of Spanish and Portuguese at Princeton University debuted an online textbook entitled Aprendo. This homegrown, WordPress-based textbook, built by the McGraw Center for Teaching and Learning, is currently being used by approximately 350 students and instructors in 27 Spanish-language classes covering introductory and intensive introductory Spanish. The Aprendo…

Session:

Traditional WordPress templates are written in PHP code that mixes HTML output with more advanced programming logic. The Timber plugin for WordPress lets you move the markup part of your templates into separate files written in Twig, a simple yet powerful templating language. When you separate logic from layout in this way, your themes will…

Session:

This session was selected as the “Best Speaker” of WPCampus 2017. Congrats Brian! Get to know Brian before he presents. Learn why he loves higher education, his favorite tools, and how to be a guest with him on the WPCampus podcast. NC State’s central IT office employs almost 300 people, whose areas of expertise range…

Session:

Migrations are a thing we have to do sometimes but dread doing. You ask yourself before, will it go okay? You think later, did I forget anything? In this talk I’m going to give you some key insights into migrating information from WordPress.com to a WordPress.org self-hosted site. After we’ll discuss the details of migrating…

Session:

The Amherst College Press is a small and relatively new press. In this talk I will discuss what we’ve done at Amherst College in using WordPress as a portal for our open access publishing. I will talk about what our system and workflow currently looks like from a technical standpoint as well as the WordPress…

Session:

In higher education, we work with a lot of sensitive information. Even data that’s not federally protected might need to be kept private only to members of a specific faculty group, research center or set of course coordinators. The built-in content security within WordPress—limited to sharing passwords or creating user accounts for the site—is both…

Session:

Get to know Jeremy before he presents. Learn about the first website he built for his chemistry teacher and what his wapuu would look like. Universities publish a lot of content on the web! It’s not uncommon for there to be thousands of domains and millions of pages. As a central web group, how do…

Session:

The WordPress REST API has the potential to put a familiar face on the content management of a whole world of front ends. Imagine a campus tour app that uses the same content infrastructure as the event kiosk in the student union and the .edu site. Then come see how to build it. Participants will:…

Session:

Get to know Mike before he presents. Learn how he got started on the web, why he loves working within higher education, and what his wapuu would look like. In 2014, The University of Maine determined that umaine.edu needed to be taken to the next level. A year later, a robust new website was launched to coincide…

Session:

Working in higher education, we have a duty to make sure that our web content is usable and accessible to everyone. The Web Content Accessibility Guidelines give us a good place to start, but we need to take the time and effort to do things properly from the start. Accessibility is not something that can…

Session:

Get to know Travis before he presents. Learn how he got started on the web, why he loves working within higher education, and what tools he can’t live without. WordPress announced that it won’t be following its regular release cycle in 2017. The core team is going to focus on three key projects, of which the largest…

Session:

Get to know Mike before he presents. Learn when he caught the spark to work on the web and why he loves working in higher education. In 2010, John Carroll University began rolling out WordPress as its content management, the first the school had ever used. They picked WordPress due to its user-friendly interface and powerful…

Session:

Stanford Law School launched a completely redesigned website in August 2015. But as you know, new websites are never done! There’s always room for improvement: incremental UX enhancements, feature requests, upgrades and content strategy. We’ve spent our time since then making sure that everything stays up-to-date and our internal clients are happy. We’ll share what…

Session:

Not only do campus individuals need help communicating to the outside world, they also need help communicating internally. WordPress has helped Canisius College immensely. It is being used in a variety of ways and by a variety of individuals across the institution. This effort is supported by the Center for Online Learning and Innovation (COLI),…

Session:

Get to know Guillaume before he presents. Learn how he got started building websites and why he enjoys working in higher education. A case study of how the Harvard Chan School is leveraging Amazon Web Services to power a high performance, elastic and scalable hosting environment for 1900+ websites, on one WordPress Multisite installation. This session…

Session:

Get to know Shawn before he presents. Learn how he got started on the web, who he follows on Twitter for WordPress, and why he thinks testing is important. There has been lots said about the value of unit testing your code, but what about actually testing that your websites and applications work correctly once deployed?…

Session:

Finding it tough to translate your ideas into developer-speak? Not even sure where to start? Working with developers doesn’t have to be a headache! This presentation covers key strategies that will make your relationships with developers (or IT teams) flow like a well-oiled machine. You’ll leave with tips and technical vocabulary to help you become…

Session:

Let’s take a look at what makes a quality theme or plug-in. We’ll share the guidelines that we follow and the automated tools that we use to evaluate plug-ins and themes for performance, reliability, accessibility and security. We’ll perform a shortened live review of a popular theme to illustrate the process.

Session:

Get to know Charles before he presents. Learn how he got started on the web, why he works in higher education, and who he follows on Twitter. At Lafayette College we were already using git to manage our WordPress multisite networks, but our process depended on a cumbersome submodule-based approach and browser-based upgrades. We ditched all…

Session:

Get to know Dwayne before he presents. Learn about his first website and why he supports higher education. Humans think in stories. Every story follows a general pattern. Once we learn to see these patterns we can more readily create new stories. In this session we will explore these story structures and how we can…

Session:

The architecture of higher education websites can often be massive and complicated. Navigating through to different departments and resources can frustrate users. There are too many clicks to reach the content users are looking for, no way to get back to where they came from or not enough visual cues to let them know where…

Session:

Get to know John before he presents. Learn how he got started on the web, who he follows on Twitter, and why he loves the WordPress REST API. Shuffling along with the same old web interface? Moaning about how slow it loads? Watching your audience rot away yearning for features you just can’t implement in PHP?…

Session:

Get to know Dave before he presents. Learn why security is important to him and what tools he can’t live without. WordPress has been given a bad rap as being easy to hack. The most common problem that causes a website to be hacked is human error. It is possible to recover from being hacked,…

Session:

Let’s talk about scale! Does your WordPress service scale well? Do your users agree? If remote access is a factor at your statewide system, your satellite institution (or that really far building), then this session is for you. NYU has campuses around the world, yet our model for scaling WordPress can work for schools of…

Session:

Our open textbooks program went from one college, three part-time staff, very little funding, an unwieldy website platform, no digitized book production, no statistics, no author participation and many unanswered questions like, “What are open textbooks and why should we care?” to: open educational services, 64 partner colleges, an executive director, advisory board, multiple book…

Session:

Get to know Ashley before she presents. Learn why she enjoys working in higher education and why understanding imposter syndrome is so important. Have you been faking it this whole time? Yeah, me too. In this session we’re going to have a heart to heart about what it’s like to experience imposter syndrome and what leads us to…

Session:

Storytelling is at the heart of what we marketers do. Often, the success of our stories depends on our success as interviewers. Creating compelling and interesting articles and anecdotes means we must get out our shovels and dig deep. But asking the right questions is only part of it—getting heartfelt answers often only comes when…

Session:

We all have to start somewhere. But if you work in an office that has not yet embraced the concepts, workflows and processes that a content strategy requires — in other words, you work in an office where no one “does” content strategy — where do you begin? How can you make progress on creating content that…

Session:

Do you remember when you could run a “fast” WordPress site with just an Apache server and PHP? Yeah, those were the days! Things were a lot less complicated then. Now, everything has to load lightning fast! Visitors don’t have the same expectations about loading times as they used to. A slow site can have serious…

Session:

Online learning isn’t just for students. It can be a fantastic internal solution for training. But when budgets are tight, custom solutions won’t work. In this talk we’ll look at several plugins that can get you started without needing custom code. We’ll also cover tips and tricks for getting a learning site up and running…

Session:

Universities today leverage WordPress Multisite to empower students, update faculty content and course notes, and bring entire communities together. With large multisites and small teams, it is common for performance headaches to occur: faculty can’t update or create course sites, students can’t blog and share their stories, and the internal dev team struggles with losing…

Session:

During this workshop, Michael Fienen will walk you through a number of techniques and processes that will enable you to take your implementation of Google Analytics well beyond a plain set-it-and-forget-it configuration. Better analytics allows you to make better informed decisions and save time (plus you look super smart in meetings when you can answer…

Blog: Vulnerable WordPress Plugins Report for the Week of March 16, 2018

Vulnerable Plugins Thirteen disclosures since last week, with four issues unfixed. View this week’s vulnerable plugins list. As with previous weeks, there are a few fairly popular plugins in this week’s list: Duplicator – WordPress Migration Plugin, WP Job Manager (both have updates available), Limit Login Attempts Reloaded, and Limit Login Attempts (no updates available).  Make sure […]

Blog: Vulnerable WordPress Plugins Report for the Week of March 9, 2018

Vulnerable Plugins Five disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Please note there are a couple of fairly popular plugins in this week’s list: iThemes Security, and WP All Import.  Make sure to get these updates into your change management cycle as soon as possible.

Blog: Vulnerable WordPress Plugins Report for the Week of March 2, 2018

Vulnerable Plugins Seven disclosures since last week, with only one issue unfixed. View this week’s vulnerable plugins list. Please note there are a couple of fairly popular plugins in this week’s list: MainWP-Child, and WP Fastest Cache.  Make sure to get these updates into your change management cycle as soon as possible. Other Security News […]

Blog: Vulnerable WordPress Plugins Report for the Week of February 23, 2018

Vulnerable Plugins Nine disclosures since last week, with all issues fixed! View this week’s vulnerable plugins list. Please note there are a couple of fairly popular plugins in this week’s list: MailChimp for WordPress, WooCommerce, and Ninja Forms.  Make sure to get these updates into your change management cycle as soon as possible.

Blog: Version 4.9.3, Version 4.9.4 and the Denial of Service Vulnerability

As I mentioned on Friday, WordPress version 4.9.3 was released as scheduled Monday mid-day. If you have auto-updates enabled, you might have been surprised to see another WordPress update (4.9.4) come through Tuesday morning around 10am (CST). It seems there was a severe bug in 4.9.3 that caused the auto update feature to break in some sites […]

Blog: Vulnerable WordPress Plugins Report for the Week of February 2, 2018

Vulnerable Plugins Seven disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Other WordPress News WordPress core announced on Tuesday version 4.9.3 will be delayed until Monday, February 5th.  So now you know what you’re doing on Monday. 😉 Other Security News Also on Tuesday, Cisco disclosed a vulnerability in the […]

Blog: Vulnerable WordPress Plugins Report for the Week of January 26, 2018

Vulnerable Plugins Eighteen disclosures since last week, with five issues unfixed. Plus two disclosures (Ninja Popups) that I missed last week. View this week’s vulnerable plugins list. WPCampus Online Don’t forget: the WPCampus Online conference is this Tuesday, January 30 starting at 9:00 A.M. CST.

Blog: Vulnerable WordPress Plugins Report for the Week of January 12, 2018

Vulnerable Plugins Six disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. WordPress Security News Version 4.9.2 was released on Tuesday. It is a security and maintenance release and addresses a Cross-Site Scripting vulnerability and 21 other bugs.  If you do not have auto-updates enabled, definitely get the update into […]

Session:

Content management systems like WordPress are incredibly powerful, but we can get accustomed to the benefits, drawbacks, and development environment of the system without thinking about the bigger picture: what’s coming down the road? What’s new? Does this system fit my (users) needs? Is there a seismic change coming? In this talk, I’ll approach the…

Blog: Vulnerable WordPress Plugins Report for the Weeks of December 29, 2017 and January 5, 2018

Vulnerable Plugins Ten disclosures over the last two weeks, with four issues unfixed. View this week’s vulnerable plugins list. I hope everyone had a wonderful and relaxing holiday break. Unfortunately, vulnerabilities and disclosures did not rest. Two critical situations were disclosed during that time: an Unauthenticated Arbitrary File Upload discovered in the LearnDash LMS plugin by […]

Blog: Vulnerable WordPress Plugins Report for the Week of December 22, 2017

Vulnerable Plugins Twenty-six disclosures this week, with ten issues unfixed. View this week’s vulnerable plugins list. The most concerning disclosure this week was the discovery by Wordfence that the plugin Captcha (300K installs) contained backdoor code.  In looking through the repository, it appears the code was introduced in v4.3.6 of the plugin.  Version 4.4.5 was released earlier […]

Session:

Education is often most powerful when the digital and real-world merge in ways that increase the power of both. We’ve built a variety of instructional and technical-design patterns to create custom tools for students and faculty that help achieve this blend. These sites help guide reflections, assist in data analysis, and augment the data gathered…

Session:

WordPress 5.0 is around the corner and should contain a major upgrade to the default post editor. Project Gutenberg and the changes that it may be bringing to the WordPress ecosystem has been a hotly debated topic over the last several months. The change moment introduces some really cool features designed to make the process…

Session:

NC State has recently built a WordPress plugin using the aXe Accessibility Testing Engine by Deque Systems. We are finishing up our pilot of this within our own Office of Information Technology group and are gearing up to launch the tool to the rest of our campus. In this session, we will go over how…

Session:

Everyone knows accessibility is important now. (You didn’t know? DEFINITELY you need to be at this session.) The low-level stuff is pretty easy — make sure your images have alt tags, replace your Flash videos with HTML5 equivalents with proper captioning, stop using PDFs to display text content (seriously, STOP USING PDFs), etc. But what…

Session:

We started with a need to develop a more robust faculty training schedule system for sign-ups and tracking. We are now expanding the platform to handle the scheduling and tracking of all professional development training on our campus. I will be covering what we looked for, why we chose what we did, lessons learned along…

Session:

How do you re-design a graduate program to embrace and reflect open learning? You move it to WordPress at the same time you are redesigning it. If this sounds simpler said than done you’re right! Coinciding with a five-year program review of their Master of Arts in Learning Technology, the School of Education and Technology…

Blog: Vulnerable WordPress Plugins Report for the Week of December 15, 2017

Vulnerable Plugins Seven disclosures this week, with five issues unfixed. View this week’s vulnerable plugins list. Other Security News I’ve discussed the DorkBot service from UT Austin a couple of times now. I recently had the pleasure to chat with Andrew Scheifele (who had a hand in the DorkBot project) about how the service has […]

Session:

Now that WordPress has an amazing Rest API, there is a lot of buzz around “Headless” or “Decoupled” sites. However, these are mostly covered with “how-to” and not “what this is” articles. This presentation will provide a deeper understanding of the trending solutions around the WordPress Rest API and JavaScript by examining Limbless, Headless, and…

Session:

Living in LA, we must be prepared for all contingencies. Would our 50,000 students be able to simultaneously use the emergency page on their phones while hiding from a shark-infested tornado? We designed an AWS setup that gives us the redundancy, security, scalability, and reliability we need for high-profile sites without the higher cost of…

Session:

We’ve all been there. Your site looks beautiful on mobile, tablet, and desktop but 768 pixels to 900 pixels is a disaster. Creating a truly responsive website experience goes beyond using bootstrap. Front End Developers consistently find themselves creating elaborate sets of media queries that are time consuming to create and difficult to maintain. This…

Session:

Learn the information security principles to lock down and secure your WordPress website. You will learn about weak passwords, faulty themes or plugins, or even old WordPress installations and the steps to take to secure your site today. Learn Adrian’s top 3 rules for selecting plugins (or themes) to avoid costly installation mistakes. Use plain…

Session:

According to the 2016 Ruffalo Noel Levitz survey of prospective students, academic program data is one of the most valuable tools we have in the recruiting arsenal. Yet much of the information they really need – job statistics, alumni information, faculty and student stories – is buried in the traditional academic hierarchy. How do we…

Session:

Nicky Agate, head of digital initiatives at the Modern Language Association, will discuss the society’s collaboration with Columbia University Libraries on CORE, or the Commons Open Repository Exchange, a Fedora plugin for WordPress/BuddyPress that enables an open-access repository to work in a socially-networked scholarly ecosystem. Like other open-access repositories, CORE facilitates the distribution, discussion, and…

Session:

Do you know that having a picture of a duck face left or right can increase your conversions by 40%? Think this sounds silly? It is, but it’s backed by research. Spend some time to learn about what a/b testing is, what things to test, testing methodology and the best tools to…

Session:

It’s easy to spend your entire day, heads down, coding projects without thinking twice about other developers around you. We often get too absorbed with completing our immediate deadlines to spend any time considering the future of our projects, the future of our teams. By not mentoring new developers we are failing our future. We…

Blog: Vulnerable WordPress Plugins Report for the Weeks of November 24 and December 1, 2017

Vulnerable Plugins Fifteen disclosures over the last two weeks, with eleven issues unfixed. View this week’s vulnerable plugins list. I hope everyone in the States had a great Thanksgiving last week. Many of you this week, hopefully, are attending WordCamp US in beautiful Nashville. If you are, please be sure to say “hello” to our colleagues […]

Blog: Vulnerable WordPress Plugins Report for the Week of November 17, 2017

Vulnerable Plugins Twenty-two disclosures this week, with ten issues unfixed. View this week’s vulnerable plugins list. The critical updates you should be aware of from this week’s list are in Formidable Forms, discovered by Klikki Oy, and in WP Support Plus Responsive Ticket System, discovered by Robert Mathews. If you are using either of these plugins, please make […]

Blog: Vulnerable WordPress Plugins Report for the Week of November 10, 2017

Vulnerable Plugins Six disclosures this week, with three issues unfixed. View this week’s vulnerable plugins list. The most interesting disclosure this week, in my opinion, is that for the Animated Weather Widget plugin reported by WordFence.  While the plugin itself did not contain a vulnerability, the plugin generated an iframe that contained content from weatherfor.us […]

Blog: Vulnerable WordPress Plugins Report for the Week of November 3, 2017

Vulnerable Plugins Nine disclosures this week, with one issue unfixed, one possibly unfixed (see the notes section in the spreadsheet). View this week’s vulnerable plugins list. The largest disclosure this week was definitely the SQL Injection vulnerability patched in v4.8.3 of core. The patch even got its own haiku (courtesy of pagely.com): WordPress Halloween. We […]

Blog: Please Update to WordPress v4.8.3 Immediately

Version 4.8.3 was just released moments ago. It addresses a SQL Injection issue discovered by Anthony Ferrara: “IMPORTANT: I will be disclosing a massive WP SQLi vulnerability soon. I have no confidence WP will fix correctly and hence no choice but FD” — Anthony Ferrara (@ircmaxell) October 26, 2017. Confirmation from Anthony: Yes. I will […]

Blog: Vulnerable WordPress Plugins Report for the Week of October 27, 2017

Vulnerable Plugins Nine disclosures this week, with five issues unfixed. View this week’s vulnerable plugins list. The largest disclosure this week was most likely the SQL Injection combined with Object Injection vulnerability in the Contact Form for WordPress – Ultimate Form Builder Lite plugin disclosed by Wordfence. At the time of discovery, the vulnerability was […]

Blog: Vulnerable WordPress Plugins Report for the Week of October 6, 2017

Vulnerable Plugins Fourteen disclosures this week, with six issues unfixed, with three of those critical. View this week’s vulnerable plugins list. The big news this last week, at least in terms of coverage, was the disclosure by Wordfence of three plugins vulnerable to Object Injection vulnerabilities.  Luckily, all three plugins have been fixed with updates […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 29, 2017

Vulnerable Plugins Eleven disclosures this week, with two issues unfixed, both critical. Both have been removed from the public repository. View this week’s vulnerable plugins list. As a point of clarification, since there seems to be some confusion: I am not the discoverer of the vulnerabilities listed in the spreadsheet.  There is a column labeled […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 22, 2017

Vulnerable Plugins Fourteen disclosures this week, with five issues unfixed, and one that is critical. View this week’s vulnerable plugins list. The critical disclosure this week is an Arbitrary File Upload vulnerability in the plugin All Post Contact Form.  It appears that the plugin doesn’t do any checking on the file type that is being […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 15, 2017

Vulnerable Plugins Eight disclosures this week, with two issues unfixed, and two where I’m not sure. View this week’s vulnerable plugins list. The two I’m unsure of this week are with iTheme’s Backupbuddy plugin.  Backupbuddy is a paid plugin, so I do not have access to the source files.  The last changelog mention I can […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 8, 2017

Vulnerable Plugins Seventeen disclosures this week, with eight issues unfixed. View this week’s vulnerable plugins list. Other Security News The big disclosure this week was the breach at Equifax. If you haven’t heard about it yet, I strongly recommend you read the write up by Brian Krebs over at krebsonsecurity.com. The TL;DR is Equifax, one […]

Blog: Vulnerable WordPress Plugins Report for the Week of September 1, 2017

Vulnerable Plugins Ten disclosures this week, with three issues unfixed. View this week’s vulnerable plugin list. The disclosure with the most visibility this week was in WooCommerce Product Vendors, where researchers from SiteLock discovered an unauthenticated, reflected Cross-Site Scripting vulnerability.  Automattic was quick to patch the vulnerability and promptly released version 2.0.40. Also disclosed this […]

Blog: Vulnerable WordPress Plugins/Themes Report for the Week of August 25, 2017

Vulnerable Plugins/Themes Seven disclosures this week, with zero issues unfixed. YAY! View this week’s vulnerable plugin list. This week, let’s look at the Authenticated, Unauthorized Information Disclosure vulnerability in version 1.1.0 of Advanced Contact Form 7 DB plugin, as you may be asking how there can be a problem if someone is already authenticated. Authentication […]

Blog: Vulnerable WordPress Plugins/Themes Report for the Week of August 18, 2017

Vulnerable Plugins/Themes Eleven disclosures this week, with three issues unfixed. View this week’s vulnerable plugin list. Going to highlight a couple from this week. The first is the discovery by researcher Lenon Leite who discovered a SQL Injection vulnerability in the plugin Link Library. Just like with last week’s SQL Injection examples, this vulnerability requires an authenticated user […]

Blog: Vulnerable WordPress Plugins/Themes Report for the Week of August 11, 2017

Vulnerable Plugins/Themes Eleven disclosures this week, with two issues unfixed. View this week’s vulnerable plugin list. We have one theme joining the list this week: GamePlan – Event and Gym Fitness by cactusthemes.com.  I mention it specifically because while I doubt most of us are using a gym-based theme (though possibly for a student rec […]

Blog: Vulnerable WordPress Plugins Report for the week of August 4, 2017

Vulnerable Plugins Six disclosures this week, with three issues unfixed. View this week’s vulnerable plugin list. One of the disclosures is actually from last week that I intended to include but forgot.  I want to bring attention to it because it highlights how vulnerabilities can, and often are, stacked.  Wordfence recently wrote about how attackers […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 28, 2017

Vulnerable Plugins It was a busy week while I was away.  Twenty disclosures, with eleven issues unfixed.  In concerns to both Formcraft Form Builder, and Ultimate Affiliate Pro, since they are paid plugins, I do not have access to the source code in order to verify the disclosures.  In addition, I’m assuming the vulnerabilities still […]

Blog: Vulnerable WordPress Plugins Report for the Week of July 13, 2017

Nope, today is not Friday (sorry). I’m going to be out-of-town tomorrow so I’m doing this week’s report a day early. I’ll also be out next week; as such, there will be no report next week on the 21st. If there are numerous disclosures while I’m out, I’ll do a report shortly after I […]

Blog: Vulnerable WordPress Plugins Report for the week of July 7, 2017

Vulnerable Plugins Only four plugins with disclosed vulnerabilities this week, none of which remain unpatched! That’s the fewest number of disclosures in a week since I started doing this report.  You’ll notice WP Statistics made a repeat appearance after being on last week’s report for a SQL Injection vulnerability.  This week’s appearance is due to an Authenticated […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 30, 2017

Vulnerable Plugins Eight plugins with disclosed vulnerabilities this week, five of which remain unpatched. The most serious is FormCraft which contains two unfixed SQL Injection vulnerabilities.  The packetstorm post mentions the vulnerability being in “FormCraft Basic” but that the plugin directory for google dorking is “formcraft”. The version in the public repository definitely contains the vulnerability, […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 23, 2017

Vulnerable Plugins This week’s list is probably one of the shortest since I started doing these reports: only 6 plugins, with 3 having unfixed vulnerabilities.  Unfortunately, one of them is a repeat offender: Photo Gallery by WD, which made an appearance in the May 5, 2017 report for a SQL Injection vulnerability.  This time around, […]

Blog: Vulnerable WordPress Plugins Report for the Week of June 16, 2017

Introduction The weekly list is a collection of plugins and/or themes that have had vulnerabilities disclosed within the last week. I’ve historically created these weekly vulnerable plugin reports for the WordPress admins at the University of Missouri campus as a way to help them identify plugins and themes that need to be updated quickly. I began […]

Session:

BuddyPress is a powerful plugin for WordPress, primarily used for adding “social” elements to sites. It has been a silent success in the higher education space and it’s been long overdue for some quality time in the limelight. This talk will be split into two parts. First we are going to see how some current…

Session:

Think about the last time you found yourself frustrated when something didn’t work out the way you wanted it to. Perhaps it was a project at work, a challenge in your personal life, or even the result of a national election. In this session, I will share some lessons learned from contributing to WordPress and…

Session:

Creating an optimal experience for a community of WordPress users that have varying levels of expertise is a tough task. It’s made especially harder in higher education by the fact that the community of users which require support can potentially change with each semester. This presentation will provide a model to overcome some of those…

Session:

Managing or planning to implement a large WordPress Multisite? This session will provide insights as to how we at New York University run and manage our multisite with 5000+ sites. It will cover a few tips and tricks we use on a daily basis for aspects such as: our semi-automated plugin/theme update process using version control…

Session:

WPCampus ran a comprehensive survey with 486 respondents answering over 50 questions on how their campus uses WordPress. In November of 2015, University of Colorado shared the result of a 132 university CMS survey. WordPress was overwhelmingly the CMS of choice for secondary properties, and the second place winner for primary university domains. Stats like…

Session:

Of all the issues organizations can face, perhaps one of the most daunting from a content POV is just making it easier for the people who know the most about the topics in your digital strategy to be involved in content process. This is particularly true in HigherEd environments because demands on the time of…

Session:

Open Learning means no more boring disposable assignments and no more locked-down closed LMS’s. In Open Learning, students become creators and publishers, instead of passive receptacles for lecture. WordPress is the magic that enables professors to create open learning experiences such as student portfolios, writing-for-public assignments, collaborative open texts, and more. In this…

Session:

Learn how to set up low-cost, easy-to-maintain digital signs using WordPress, an HD-TV, and a Chromebit. Greg will demonstrate a custom-built WordPress theme (available on GitHub), as well as present other available options for building digital signs with WordPress. He will also present a handful of WordPress plugins that make it easy to pull information…

Session:

If you’re looking for your first LMS (or starting fresh by leaving an old one behind), the number of choices you have can be overwhelming. But there’s one option you may not have thought of that can be a surprisingly good non-traditional solution, particularly if you’re working with bundling open or microlearning courses: using WordPress.…

Session:

The inside look at how the four most terrifying words ever uttered in development history have worked out for Boston University. We’ll cover seven years of successes and lessons learned in framework development, including enforcing brand guidelines in the site, when to allow customization and when to say no, and how on earth to make…

Session:

A high-level discussion of how WordPress has incorporated itself into a Drupal-centric campus for web development. Let’s chat about how to leverage WordPress and its strengths with a pre-established CMS and culture, how to build trust and value in WordPress, and the benefits and challenges that WordPress brings to an established CMS campus environment. The…

Session:

A year ago our web shop went from two harried full-timers to three full-time staff, one part-timer, a couple interns, and a partnership with another unit. The two people whose idea of communication meant yelling across the hall at each other suddenly expanded to 6+, and with it came the inevitable requirements of management, and…

Session:

The talk will focus on non-developers, and use no code, but will explain a very developer-focused tool / addition to WordPress. Takeaways will include an understanding of what the API is at a high level, and also what it can be used to create.

Session:

We create things on the internet so that people can access our information and, often, so that we can get information from them. Unfortunately, we often overlook difficulties and differences that people have when accessing our content, which is ultimately pretty self-defeating. We need to be able to empathize with our users, and make sure…

Session:

We all know WordPress can do just about anything. In this session you’ll see how you can completely revolutionize (and simplify) the way your institution communicates with external and internal audiences. Vanderbilt University is using WordPress to run its extensive news presence (including video and audio) – news.vanderbilt.edu – with multiple front-ends available for…

Session:

Ever wondered if WordPress can provide a more powerful end-to-end learning experience than Moodle? In this talk titled ‘From Moodle to WordPress – what we learnt and why we moved’, I will outline our journey from Moodle to WordPress for click-to-pay-to-learn and why moving to WordPress was the best decision we ever made! The key…

Podcast: Access Denied - WordPress Security

Whenever you talk about WordPress, someone brings up WordPress security. Your boss is going to bring it up, your clients are going to bring it up, and there’s a decent chance you’ve had at least one night’s sleep ruined thinking about it. It’s one of those things that makes you feel paranoid: Am I doing […]
