Create by Mediavine
- Plugin:
- Create by Mediavine
- Plugin Slug:
- mediavine-create
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-1711
The post WordPress Vulnerability Report — March 27, 2024 appeared first on SolidWP.
]]>Additionally, there are 19 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — March 27, 2024 appeared first on SolidWP.
]]>The post 12 Ways to Build Recurring Revenue for Your WordPress Business appeared first on SolidWP.
]]>You can establish lasting relationships with clients by embracing subscription-based services or retainer packages. It’s crucial to choose recurring revenue models that align with your workload and areas of expertise.
You don’t have to offer all of these services, but there are many to choose from. Let’s look at 12 ways to build recurring revenue for your WordPress business.
Everyone with a website needs hosting. This is an easy-to-manage recurring revenue option for most WordPress-based businesses. Plus, it’s a win-win.
Clients will love the fact that they don’t have to look somewhere else for this service, deal with an additional bill, or manage another vendor. Meanwhile, you can control the environment, making site management easier in the long term.
How to offer it:
A WordPress site is only as good as its updates in the long term. Regular site updates ensure that a client has a website that’s functional, performs well, and includes the latest security features.
A site update package coincides well with website hosting, so you can keep client sites working flawlessly over time. Plus, this service usually doesn’t take much time.
How to offer it:
The beauty of offering security services is that they don’t require a lot of time from you, making them ideal for recurring revenue. If you offer security on every site and use a set of security solutions like virtual patching, you won’t lose sleep over malware or brute force attacks.
Common and helpful security services include brute force protection, vulnerability scans, and user protections like requiring two-factor authentication (2FA) and limiting login attempts.
How to offer it:
Clients want to protect their investment – their website – so they’ll need a backup solution. However, there isn’t a built-in backup solution for WordPress, so offering this service should be a given.
Site backups should be done on a frequent basis. To save time, you can schedule them and streamline the process. You can also make it easy to restore by storing backups offsite with controlled cloud storage.
With automated site backups, you’ll save time, protect client sites, and build recurring revenue.
How to offer it:
If you want to offer all the recurring revenue options we’ve covered so far, you can bundle them into a single WordPress care plan that offers everything for clients.
This is a solid add-on that can include security, backups, and updates for one price. While it should be priced lower than purchasing each service individually, a WordPress care plan is one of the best ways to maximize recurring revenue.
How to offer it:
For some businesses, recurring revenue is less technical and more content-oriented. Content creation services can take time but can be especially valuable for clients who don’t want to manage this on their own.
Common content creation packages may include creating images, videos, and text for activities such as digital advertising, email marketing, and social media. (You may find yourself offering any combination of these services and activities.)
How to offer it:
Most clients are unfamiliar with SEO, and if they do know it, they don’t want to do it. Search engine optimization can take a lot of work and time, but once you start, it’s easier to maintain and offer as a recurring revenue service.
Offer it during and after a website launch, along with a strategy for clients and a solid explanation of why it matters. If you’re handling their foundational website needs, technical SEO will be much easier. Plus, SEO can go hand-in-hand with content creation and updates.
How to offer it:
If SEO takes too long to get the results a client wants, digital advertising might be the answer. A growing number of clients are unfamiliar with paid advertising or don’t want to do it themselves.
If digital advertising is in your wheelhouse, it can be a great way to build recurring revenue.
How to offer it:
For clients who are looking for a high return on investment, email marketing might be the answer. As a direct response platform, a client with a solid email list and something to offer online can see strong results.
From regular newsletters to automation, email marketing can take some time initially to set up but will get more efficient for you over time. Once you have mastered this service, it’s easy to sell and build recurring revenue from it.
How to offer it:
Clients who are strapped for time will appreciate social media management services. Create campaigns from website content and repurposed content to make the most of elements you already have.
For new content, consider AI or templates to make the captions to help maximize your time during social media content creation. This service can also be paired with the client’s website content creation and updates to maximize recurring revenue.
How to offer it:
Performance is a key element of long-term website success. Google even notes that strong website performance, usability, and speed contribute to search.
If you are already doing foundational services, content updates, or SEO for clients, this service shouldn’t take too long and works well for recurring revenue.
How to offer it:
Finally, if clients want to do some of their own website management or learn more about WordPress, you can offer a training package.
Training can be an in-person or virtual service. You can charge clients by the training element – WordPress management, content updates, SEO – or create an annual package with a different training element each month. Either way you do it, training is a great way to build recurring revenue for your WordPress business.
How to offer it:
Now that you have some options for building recurring revenue, choose the services best suited to your business and clients. Be sure to choose services that are manageable and don’t add too much time commitment.
To make earning recurring revenue as easy as possible, invest in tools that streamline processes for you. SolidWP offers valuable security, backups, and multi-site management tools for WordPress businesses.
Get Solid Suite and start building recurring revenue now!
The post 12 Ways to Build Recurring Revenue for Your WordPress Business appeared first on SolidWP.
]]>This release takes a much more forceful approach to helping users understand and avoid insecure configurations of the IP detection method used by Solid Security to protect sites from malicious activities.
The post Solid Security Improves Users’ Ability to Protect Sites from Malicious Activities appeared first on SolidWP.
]]>This release takes a much more forceful approach to helping users understand and avoid insecure configurations of the IP detection method used by Solid Security to protect sites from malicious activities.
Beginning in October, 2022 with the release of versions 7.2.2 (Pro) and 8.1.3 (Basic), Solid Security added an “Insecure” label to the legacy “Automatic” Proxy Detection option. This label was intended to help users avoid a configuration that would allow attackers to trivially bypass IP-based bans and lockouts by spoofing their IP addresses.
In this release, Solid Security removes the “Automatic (Insecure)” Proxy Detection option. Any sites that had previously used this configuration will, after upgrading to this release, reflect that the Proxy Detection method is “Unconfigured” instead. Site administrators will see a prominent warning indicating that key Solid Security modules are disabled until the IP Detection method is properly configured. Disabled modules include:
Other features, including the Firewall and CAPTCHA modules, will operate with reduced functionality until the IP Detection module is configured.
All of the affected components of Solid Security rely upon accurately determining the IP addresses of site visitors. Sites that had been using the now-removed “Automatic (Insecure)” Proxy Detection method appeared to have been benefiting from those components, but for all but the least sophisticated attacks, this was security theater.
The latest changes now more accurately reflect the actual state of site security and will hopefully encourage the adoption of more secure configurations.
Users of Solid Security Basic will see some additional changes when installing the plugin for the first time on a given site. Explanations of relevant options that have been updated for additional clarity, and the interface has been enhanced to hopefully make the choices easier to understand. If the user chooses not to enable Security Check Pro (the feature which automatically detects the correct IP detection method for the site’s hosting setup), a new question will appear which requires the user to make a decision regarding the site’s server setup.
The onboarding process for new installations of Solid Security Pro is unchanged in this release. This is due to the fact that Security Check Pro is enabled by default in Solid Security Pro installations.
To learn more about these changes, check out Why Are Some Features Not Available? in Solid Security product documentation.
This release also incorporates visual enhancements, including tweaks to the alignment of some table headings, and an adjustment to the way the “Solid Security Pro” title image appears in certain email clients in messages sent after a site scan is complete.
This release also squashes a few bugs:
The post Solid Security Improves Users’ Ability to Protect Sites from Malicious Activities appeared first on SolidWP.
]]>The post Unlocking Efficiency: New Features in Solid Central Streamline Multisite Management appeared first on SolidWP.
]]>We recently released the Tagging feature in Solid Central that benefits customers managing a large number of connected sites.
We’ve also added Tagging to the Single Site View. You will see the tags associated with that site and a new Tags tab where you can edit the tags for that particular site.
In the Reports Section of Solid Central, you can now bulk delete multiple reports at one time.
You can also search for reports using the search function.
With this new release, you can sort by function (ascending or descending): Report name, Start Date, or End Date. You can also hide columns in the table view.
Under Bulk edit, you can now change the layout to a grid with a teaser image of each of your reports.
These updates to Solid Central mark a significant enhancement in managing sites effectively. The introduction of the Tagging feature allows for better organization and customization tailored to individual site needs.
Furthermore, the improvements made to the Reports Section offer users enhanced functionality and efficiency.
Overall, these updates reflect our commitment to continuously enhancing Solid Central’s capabilities to meet the evolving needs of our users, empowering them with greater control and efficiency in managing their sites. We look forward to further innovations and developments as we strive to deliver an even more seamless and user-friendly experience in the future.
The post Unlocking Efficiency: New Features in Solid Central Streamline Multisite Management appeared first on SolidWP.
]]>The post WordPress Vulnerability Report — March 20, 2024 appeared first on SolidWP.
]]>Additionally, there are 16 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — March 20, 2024 appeared first on SolidWP.
]]>The post WordPress Vulnerability Report — March 13, 2024 appeared first on SolidWP.
]]>Additionally, there are 13 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — March 13, 2024 appeared first on SolidWP.
]]>The post Solid Security Pro Feature Spotlight: Trusted Devices appeared first on SolidWP.
]]>All of the features in Solid Security Pro are designed to help you lock down, secure, and protect your WordPress site. In this post, we highlight the Trusted Devices feature in Solid Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
The Trusted Devices feature in the Solid Security Pro plugin works to identify the devices that you and other users use to log in to your WordPress site. After your devices are identified, we can stop session hijackers and other bad actors from doing any damage on your website.
When a user has logged in on an unrecognized device, Trusted Devices can restrict their administrator-level capabilities. This means that if an attacker were able to break into the backend of your WordPress site, they wouldn’t have the ability to make any malicious changes to your website.
Solid Security Pro will also send you an email that lets you know that someone logged into your site from an unrecognized device. The email includes an option to block the hacker’s device.
Let’s unpack three big reasons you need Trusted Devices to protect your WordPress site.
Let’s say you follow all of the WordPress security best practices to protect your user account. Not only do you use a unique, strong password for every site, but you also lock down all of your online accounts with two-factor authentication. You are a good example of what it looks like to take WordPress security seriously.
Yet, even with all of the security measures you put into place, somehow, your website was still hacked. And, to make matters worse, the attacker used your WordPress user account to hack the site. How did this happen to you?
Unfortunately, even if you do everything right to secure your WordPress user account, there are still methods that hackers can use to exploit your account that are related to other software you may be using.
For example, WordPress generates a session cookie every time you log into your website. And, let’s say that you have a browser extension that has been abandoned by the developer and is no longer releasing security updates. Unfortunately for you, the neglected browser extension has a vulnerability. The vulnerability allows bad actors to hijack your browser cookies, including the earlier-mentioned WordPress session cookie. This type of hack is known as Session Hijacking. So, an attacker can exploit the extension vulnerability to piggyback off your login and start making malicious changes to your WordPress user.
Pretty crummy, right? We agree, so we created a way to protect your account, even when bad actors can find and exploit other vulnerabilities. That’s where Trusted Devices comes in. With the Solid Security Pro plugin, you can identify the devices that you and other users log in to your WordPress site. Any logins from unknown devices will be blocked, adding another strong layer of security to your site.
The primary benefit of Trusted Devices is that it makes Session Hijacking a thing of the past. If a user’s device changes during a session, Solid Security will automatically log the user out to prevent any unauthorized activity on the user’s account, such as changing the user’s email address or uploading malicious plugins.
To get started with Trusted Devices, navigate to the security settings Features menu in your WordPress admin dashboard. From this screen, enable Trusted Devices. After enabling Trusted Devices, click the settings cogwheel.
In the Trusted Devices settings, enable the Restrict Capabilities and Session Hijacking Protection features.
Click the User Groups link to enable Trusted Devices for specific users.
After enabling the new Trusted Devices setting, users will receive a notification in the WordPress admin bar about pending unrecognized devices. If your current device hasn’t been added to the trusted devices list, click the Confirm This Device link to send the authorization email.
Click the Confirm Device button in the Unrecognized Login email to add your current devices to the Trusted Devices list.
Additionally, you have the option to signup for some third-party APIs to improve the accuracy of the Trusted Devices identification and to use static image maps to display the approximate location of an unrecognized login. Check out the Trusted Devices setting to see what integrations are available.
We didn’t think it was fair for you to do all the work to secure your website, just for some hacker to find a vulnerability loophole. The Trusted Devices feature in Solid Security Pro allows you to restrict access to your site’s backend to a list of approved devices. Now that is awesome!
Solid Security, our WordPress security plugin, gives you 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords, and obsolete software.
Most WordPress admins don’t know they’re vulnerable, but Solid Security works to lock down WordPress, fix common holes, stop automated attacks, and strengthen user credentials. With advanced features for experienced users, our WordPress security plugin can help harden WordPress.
The post Solid Security Pro Feature Spotlight: Trusted Devices appeared first on SolidWP.
]]>The post Solid Backups Maintenance Release 9.1.10 appeared first on SolidWP.
]]>The 9.1.10 release is available now via automatic updates in WordPress sites where Solid Backups is installed. You may also download it from your SolidWP member panel at my.solidwp.com.
The post Solid Backups Maintenance Release 9.1.10 appeared first on SolidWP.
]]>The post Solid Central Streamlines Site Management with New Tagging Feature appeared first on SolidWP.
]]>In your Solid Central Dashboard, click the drop-down arrow for the site you wish to add a tag to.
Click on the Tags tab.
Click the Edit icon.
A pop-up will appear. Click on Create a new tag.
Enter the Tag Name and Description if applicable. Choose a color for your tag and click Save.
You will now see the tag(s) associated with that site.
To search for sites with a particular tag, click Filter Websites. Then choose the tag(s) you want to filter. Only sites with the tags you chose will be listed.
Solid Central lets you manage multiple websites with ease. And the latest update marks a significant leap forward in site management capabilities. With the enhanced tagging and filtering features, brands overseeing a multitude of connected sites can now streamline their workflow like never before. This dynamic enhancement not only boosts efficiency but also provides a more intuitive and user-friendly experience.
The post Solid Central Streamlines Site Management with New Tagging Feature appeared first on SolidWP.
]]>The post WordPress Vulnerability Report — March 6, 2024 appeared first on SolidWP.
]]>Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — March 6, 2024 appeared first on SolidWP.
]]>