WordPress Plugins


Hacking 27% of the Web via WordPress Auto-Update

At Wordfence we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites.

The vulnerability we describe below may have allowed an attacker to use the WordPress auto-update function, which is turned on by default, to deploy malware to up to 27% of the Web at once.

Choosing the most damaging target to attack

The server api.wordpress.org (or servers) has an important role in the WordPress ecosystem: it releases automatic updates for WordPress websites. Every WordPress installation makes a request to this server about once an hour to check for plugin, theme, or WordPress core updates. The response from this server contains information about any newer versions that may be available, including if the plugin, theme or core needs to be updated automatically. It also includes a URL to download and install the updated software.


Compromising this server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically. This provides a way for an attacker to mass-compromise WordPress websites through the auto-update mechanism supplied by api.wordpress.org. This is all possible because WordPress itself provides no signature verification of the software being installed. It will trust any URL and any package that is supplied by api.wordpress.org.
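One way a client could close the gap described above, as an added example (not WordPress or Wordfence code): an offer is installed only if the package host is on a local allow-list and a detached Ed25519 signature over the package bytes verifies against a public key pinned in the client. The `signature` field, the allow-list host and the key pair are assumptions constructed for the demo; the code uses PHP's sodium extension.

```php
<?php
// Added example, not WordPress core code. Host, offer fields and keys are constructed.
const ALLOWED_HOSTS = ['downloads.example.org']; // placeholder allow-list

/**
 * Decide whether an update offer may be installed.
 * $offer     decoded API response entry (assumed fields: package, signature)
 * $package   bytes downloaded from $offer['package']
 * $pinnedKey Ed25519 public key shipped with the client, never taken from the API
 */
function verify_update_offer(array $offer, string $package, string $pinnedKey): string
{
    $parts = parse_url($offer['package'] ?? '');
    if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https') {
        return 'reject: package URL is not https';
    }
    if (!in_array(strtolower($parts['host'] ?? ''), ALLOWED_HOSTS, true)) {
        return 'reject: package host is not on the allow-list';
    }
    $sig = base64_decode($offer['signature'] ?? '', true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return 'reject: signature missing or malformed';
    }
    // The signature covers the package bytes, so a swapped archive fails here
    // even when the URL and the API response look legitimate.
    if (!sodium_crypto_sign_verify_detached($sig, $package, $pinnedKey)) {
        return 'reject: signature does not verify against the pinned key';
    }
    return 'accept';
}

// Constructed demo data: the secret key stands in for one kept offline by the release team.
$keys      = sodium_crypto_sign_keypair();
$pinnedKey = sodium_crypto_sign_publickey($keys);
$genuine   = 'constructed bytes of a genuine release archive';
$sig       = base64_encode(sodium_crypto_sign_detached($genuine, sodium_crypto_sign_secretkey($keys)));
$good      = 'https://downloads.example.org/release/example.zip';

$cases = [
    'genuine offer'         => [['package' => $good, 'signature' => $sig], $genuine],
    'substituted archive'   => [['package' => $good, 'signature' => $sig], 'constructed substituted bytes'],
    'package on other host' => [['package' => 'https://mirror.example.net/example.zip', 'signature' => $sig], $genuine],
    'signature stripped'    => [['package' => $good], $genuine],
];
foreach ($cases as $name => [$offer, $bytes]) {
    printf("%-22s %s\n", $name, verify_update_offer($offer, $bytes, $pinnedKey));
}
```

Only the first case is accepted. Because the verifying key lives in the client and the signing key is kept off the update server, control of the API response alone is not enough to get a package installed.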


WordPress powers approximately 27% of all websites on the Internet. According to the WordPress documentation: “By default, every site has automatic updates enabled for minor core releases and translation files.” By compromising api.wordpress.org, an attacker could conceivably compromise more than a quarter of the websites worldwide in one stroke.

Below we describe the technical details of a serious security vulnerability that we uncovered earlier this year that could compromise api.wordpress.org. We reported this vulnerability to the WordPress team via HackerOne. They fixed the vulnerability within a few hours of acknowledging the report. They have also awarded Wordfence lead developer Matt Barry a bounty for discovering and reporting it…

Read the article: Hacking 27% of the Web via WordPress Auto-Update – Wordfence

How to Future-Proof your Website in 4 Easy Steps


Future-proofing your site is an aspect of site development that many users neglect until it’s too late. It’s a simple process that shouldn’t eat into your schedule too much. In any case, the benefits far outweigh the additional time spent keeping on top of it all.

In this post, the author suggests four important steps to help you future-proof your site:

  1. Sign up with a reputable hosting provider.
  2. Create regular backups of your website.
  3. Select themes and plugins from trustworthy developers.
  4. Use a child theme to preserve your changes.

Read the full article: How to Future-Proof your Website in 4 Easy Steps >

Source: How To Future-Proof Your WordPress Website In 4 Easy Steps | @thetorquemag

15 Essential WordPress Plugins For Photographers 


This article talks about some useful, essential and totally free WordPress plugins meant for photographers and photography sites.

I have used and I also have friends who use ‘Meta Slider’, ‘NextGEN Gallery’ and ‘Pinterest Pin It Button’ with success:

  • Meta Slider – will display great looking photos on your header
  • NextGEN Gallery – Jetpack has many features for your photos and photo galleries. Use NextGEN Gallery if, in addition to photo galleries, you also want to display photo albums.
  • Pinterest Pin It Button – makes it very easy for users to pin images to Pinterest.

WordPress makes it really easy to create a photo blog or run an online portfolio of your images. As such, many photographers, both professionals, and hobbyists alike, tend to use WordPress to showcase their works online.

You still need to cater to popular photo-centric platforms, such as Flickr or 500px, but having your own website with a showcase of your images goes a long way in establishing your identity online.

If you are looking to create a photography website using WordPress, where should you begin? You can, obviously, use WordPress plugins to do more with your website. This article talks about some useful WordPress plugins for photographers and photography sites.


Image Optimization

1. WP Smush

We know that images can be really heavy in terms of combined size. If all you do is upload the odd featured image or two, you have nothing to worry about. But if you are running a photography site, you need to be wary of the file size. Larger images can slow down your site.

WP Smush is a simple plugin that lets you compress and optimize your images on the fly. You can simply upload photos as usual, and WP Smush takes care of the rest.

You should also note that there are many choices among image optimization plugins. I chose WP Smush simply on account of its popularity: it has over 500,000 active installations. There are other, equally worthy, alternatives out there. If you wish to browse through image optimization plugins and read some benchmarks or comparison tests, this particular blog post might be of help.

2. Imsanity

Imsanity can automatically resize the images that you upload to your site. Considering the fact that most professional photographers work with large images, and not always web-friendly dimensions, Imsanity can do the hard work for you.


The plugin works by scaling down all the uploaded images as per the max width, height and quality specifications configured by you. Additionally, Imsanity can also convert formats such as BMP to JPG for web friendly output.

Image Management

3. Post Thumbnail Editor

Different WordPress themes have different dimensions specified for thumbnails. While for the most part, WordPress does a very good job at cropping images, Post Thumbnail Editor offers you better and more granular control over your image thumbnails. It gives you the ability to crop and scale the thumbnails to fit any requirements.


Note that if you change a WordPress theme and the thumbnails are the wrong size, Regenerate Thumbnails might be a better fix for the problem.

4. Easy Watermark

Though not all photographers want a watermark on their photos, some find it incredibly useful. If you need to add watermarks to any image that you upload to your site, Easy Watermark can help you.


This plugin lets you add watermarks to your images, both new ones that you upload as well as any previous ones that you had uploaded in the past. You can also choose to restore the original images by removing the watermark.

5. Media Library Assistant

Media Library Assistant offers several enhancements for your media library. It comes with custom shortcodes, that perform various functions. You can create galleries, add EXIF and other metadata to your media files, display files on the basis of taxonomy, and even search across media files from the frontend.


Additionally, this plugin integrates with the default WP Media Library, so it’s easy to learn.

6. PhotoPress

PhotoPress lets you add metadata to your images. You can add or import data such as XMP, EXIF or IPTC tags for your photos.


You can extend this plugin by means of addons, and even use it to create basic galleries. Note, however, that this plugin has a little over 200 active users and is not very popular compared to the others.


7. Easy Digital Downloads

Easy Digital Downloads (or EDD) is an eCommerce plugin meant for folks looking to sell digital products (yes, photos) on their site.

EDD comes with all the features that you might expect from an eCommerce solution — you get detailed sales statistics, easy addition and deletion of discounts and offers, support for multiple payment gateways, ability to extend the plugin further by means of extensions or addons, and so on.

Of course, WooCommerce is still the most popular choice for WP eCommerce, but for digital products such as photos, EDD has always been my preferred tool.

8. Sell Media

Sell Media, as the name suggests, lets you sell media files, such as photos, on your website. You can sell, license or protect your images, create a stock photo site, or even charge a licensing fee.


PayPal integration is offered by default, but you can add other payment gateways and features by means of extensions, such as MailChimp integration or offsite cloud backups of your content.

Image Display (Gallery and Sliders)

9. NextGEN Gallery

NextGEN Gallery has had over 15 million downloads and continues to receive almost a million new users per year. The numbers speak for themselves — this is the most popular plugin for creating a gallery in WordPress.


You can batch upload, edit metadata and arrange and sort your images to create a gallery. The plugin also has a Pro version. If you are looking to create stunning galleries, NextGEN Gallery is a worthy choice.

10. Foo Gallery

Foo Gallery is another popular WordPress plugin for gallery management. Its set of features is the same as NextGEN Gallery, and you can extend its functionality by means of paid addons.


Foo Gallery uses a Gallery custom post type to help you create galleries. You can use shortcodes to embed and display galleries anywhere on your site. Foo Gallery also has a NextGEN Gallery import tool.

11. Simple Lightbox

Simple Lightbox lets you do what its name suggests — add a lightbox to your site.


You can customize the appearance of the lightbox, resize it to fit the viewport, use it with various themes, and choose when and where to display it.

12. Meta Slider

There are various WordPress plugins when it comes to creating sliders, and Meta Slider is one such extremely popular plugin.

With over 700,000 active installations, Meta Slider lets you create slideshows with different layouts, types and design. All sliders are responsive, SEO friendly, and the plugin also comes with smart cropping for photos.

Meta Slider has a Pro version as well which lets you work with video slides too, in addition to image sliders.

13. Photographers Galleries

Photographers Galleries can add CSS3 carousels to your galleries without using any external JavaScript. It claims to have been built “with the needs of professional photographers in mind, with the use paradigms you already find in Flickr or 500px”.


Note that it is a rather lesser known plugin, and currently has under 100 active installations.

Social Plugins

You should consider adding social sharing buttons for various popular networks. However, since Pinterest and Instagram are image-centric social networks, the following plugins focus on these two in particular.

14. Pinterest Pin It Button on Image Hover and Post

Pinterest Pin It Button on Image Hover and Post adds a “Pin It” button for your images. When the user hovers the cursor over a given image, the button is displayed and lets the user share the image on Pinterest.


You can choose to enable or disable the button selectively for mobile devices as well.

15. WP Instagram Widget

WP Instagram Widget lets you showcase your Instagram photos in the form of a widget.


If Instagram does not interest you or if you are more of a Flickr user, the Flickr Album Gallery plugin is worth looking at.


There you have it, 15 WordPress plugins meant especially for photographers. Also, you should by all means install plugins for caching as well, or invest in a CDN for your images. Jetpack Photon is a free and amazing option, if all you are serving is images.

Similarly, do not ignore the importance of a good SEO plugin as well as a security plugin. Your WordPress site needs to be kept secure from malicious folks. Plus, without proper SEO optimization, your work may not get the exposure it deserves!

Which of the above free WordPress plugins do you use on your photography website? Share the list in the comments below!

Sufyan bin Uzayr writes for various magazine and blogs, and has authored several books. He blogs about technology, Linux and open source, mobile, web design and development, typography, and Content Management Systems at Code Carbon. You can learn more about him, follow him on Twitter or friend him on Facebook and Google+.

Source: 15 Essential WordPress Plugins For Photographers | @thetorquemag

Wordfence Announces New Firewall

This morning at 9am Pacific time we rolled out a new kind of firewall to over 1 Million active WordPress websites. It comes with a Threat Defense Feed that updates our firewall as new threats emerge. It also continuously updates our malware scan as we discover new malware patterns through our forensic research.

If you have auto-update enabled in Wordfence, you will automatically be upgraded to 6.1.1 today, which will include the new features. You can manually update by signing into your WordPress site and upgrading Wordfence to 6.1.1, or you can download Wordfence from the official WordPress plugin repository.

Read the full article >

The Panama Papers

Mossack Fonseca (MF), the Panamanian law firm at the center of the so-called Panama Papers Breach, may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among […]

Source: Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause – Wordfence

Need Training on how to protect your WordPress website? Learn more >
