Critical File Upload Vulnerability Discovered in Crawlomatic WordPress Plugin

The Crawlomatic Multisite Scraper Post Generator Plugin for WordPress has been found to contain a critical vulnerability that lets anyone upload malicious files to affected websites. The plugin, which lets users crawl forums, weather statistics, and articles from RSS feeds, is sold through the Envato CodeCanyon store. Its CodeCanyon page features a banner recognising the author as meeting WordPress quality standards and a badge indicating compliance with Envato’s security, quality, performance, and coding standards. The plugin can crawl and scrape virtually any website, including JavaScript-based ones, and promises to turn a user’s website into a “money-making machine.” However, all versions up to and including 2.6.8.1 are missing a filetype validation check, which leaves them vulnerable to arbitrary file uploads. Wordfence recommends that users update to at least version 2.6.8.2.
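
The root cause named above, a missing filetype validation check, is what the following added example guards against. It is not the plugin’s code (Crawlomatic is a PHP plugin; this is a generic Python upload handler written for this page), and its extension allowlist, size limit and magic-byte table are assumptions chosen for illustration.

```python
"""Server-side upload validation: the kind of filetype check the article says
the plugin lacked. Added example, not Crawlomatic's code."""
import os
import secrets

# Allowlist of extensions the application actually needs, each mapped to the
# magic bytes a genuine file of that type starts with (constructed table).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def extensions(filename):
    """'report.tar.gz' -> ['tar', 'gz']: every dotted segment after the base name."""
    return os.path.basename(filename).lower().split(".")[1:]


def validate_upload(filename, data):
    """Return (accepted, reason); accept only when every check passes."""
    if not filename or os.path.basename(filename) != filename:
        return False, "filename contains a path"
    exts = extensions(filename)
    if not exts:
        return False, "no extension"
    # Every segment is checked, not just the last one, so 'a.php.png' is
    # rejected: some server configurations map by any recognised extension.
    for ext in exts:
        if ext not in ALLOWED_TYPES:
            return False, f"extension not allowed: .{ext}"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[exts[-1]]):
        return False, "content does not match declared type"
    return True, "ok"


def store_upload(filename, data, dest_dir):
    """Validate, then write under a server-chosen random name.

    The client's name is never reused, which removes any path or name tricks
    that survived validation and avoids collisions."""
    accepted, reason = validate_upload(filename, data)
    if not accepted:
        raise ValueError(reason)
    safe_name = f"{secrets.token_hex(16)}.{extensions(filename)[-1]}"
    path = os.path.join(dest_dir, safe_name)
    with open(path, "xb") as fh:  # 'x': fail rather than overwrite
        fh.write(data)
    return path


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + bytes(16)  # constructed PNG header
    for name, blob in [("photo.png", png), ("shell.php", b"<?php"),
                       ("shell.php.png", png), ("photo.png", b"<?php")]:
        print(name, validate_upload(name, blob))
```

The three checks are deliberately independent: the allowlist decides what may exist at all, the magic-byte comparison catches a permitted extension wrapped around other content, and the random server-side name means nothing the client controls ends up in the path that is written. Store the directory outside the web root, or with script execution disabled, so that a file which slips through is still never executed.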

Google Uses AI to Strengthen Security Against Scams

Google has improved its security systems and says AI is now crucial to protecting users from scams. The company claims to catch 20 times more scam pages before they appear in search results than it did three years ago. Google’s AI systems can now identify sophisticated scams, spotting networks of fake websites that might look legitimate when viewed individually. The biggest gains have been against fake customer-service sites and fake official sites. Google is extending its scam-fighting to Chrome and Android using Gemini Nano, an AI model that analyses websites in real time to spot dangers. For mobile users, Google has added AI warnings in Chrome for Android and scam detection in Google Messages and the Phone app. Using large language models, Google is also improving its ability to fight scams across languages.

WooCommerce Bug Causes Site Crashes, Impacting Online Stores

A WordPress bug is causing WooCommerce sites to display a fatal error, taking ecommerce sites down. The problem originates from a single line of code, and a workaround has been created. The issue has been reported on the WordPress.org support forums, with most affected users saying they had not recently changed anything on their sites. A temporary workaround was offered by editing a single line of code in BlockPatterns.php, a WooCommerce file. The WooCommerce team is aware of the problem and is actively working on a permanent fix in the form of a patch. A quick fix was posted on the official GitHub repository, which solves the problem for now. However, some sites may still hold a bad cache value, and patch updates will be released to fix that. Some users have reported difficulties with their WP Engine sites after applying the fix, as WP Engine has multiple caches that need to be updated.

Google’s Martin Splitt on Finding and Fixing Unwanted Noindex Tags

Google’s Search Relations team has released a new SEO Office Hours video featuring Martin Splitt, who addresses unwanted noindex tags that prevent pages from appearing in search results. Splitt explains that these tags can originate from several sources, including the page source code, JavaScript, and third-party JavaScript. A/B testing tools can also cause the problem, since they may add noindex tags to test variants of pages without users realising it. If a Content Delivery Network (CDN) is used, old cached copies may still carry noindex tags even after the tag has been removed. CMS settings and plugins may also add noindex tags without users knowing. Splitt emphasises the importance of thorough technical SEO checks, recommending that SEO professionals crawl their sites regularly with JavaScript-processing tools to understand how search engines interpret their pages.
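
The sources Splitt lists can be checked mechanically for the copy a plain fetch returns. The following Python is an added example, not Google’s tooling or anything from the video; it assumes the fetched HTML and response headers are already in hand (the samples are constructed) and flags the header, meta-tag and inline-script forms of the directive. A tag injected only at runtime by external JavaScript still needs a rendering crawler to confirm.

```python
"""Locate noindex directives in a fetched page. Added example; not Google's
tooling. Inputs are the raw HTML and response headers of one URL."""
from html.parser import HTMLParser

ROBOTS_META_NAMES = {"robots", "googlebot"}


class NoindexParser(HTMLParser):
    """Collect (source, detail) findings while walking the markup."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lower-cased
        if tag == "meta" and a.get("name", "").lower() in ROBOTS_META_NAMES:
            if "noindex" in a.get("content", "").lower():
                self.findings.append(("meta", f'{a["name"]}: {a["content"]}'))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script that creates a robots meta tag at runtime usually
        # carries the literal word; flag it as a candidate to confirm by
        # crawling with a JavaScript-rendering tool.
        if self._in_script and "noindex" in data.lower():
            self.findings.append(("script", " ".join(data.split())[:80]))


def find_noindex(html, headers=None):
    """Return [(source, detail), ...] for every noindex directive found.

    source is 'header' (X-Robots-Tag), 'meta' (robots/googlebot meta tag)
    or 'script' (inline JavaScript that mentions noindex)."""
    findings = []
    for name, value in (headers or {}).items():
        if name.lower() == "x-robots-tag" and "noindex" in value.lower():
            findings.append(("header", f"{name}: {value}"))
    parser = NoindexParser()
    parser.feed(html)
    parser.close()
    findings.extend(parser.findings)
    return findings


# Constructed sample: a page that is noindexed three different ways at once.
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Robots-Tag": "noindex, nofollow"}
SAMPLE_HTML = """<html><head>
<meta name="robots" content="index, follow">
<meta name="googlebot" content="noindex">
<script>
  // constructed A/B-test snippet hiding the variant from search engines
  var m = document.createElement('meta');
  m.name = 'robots'; m.content = 'noindex';
  document.head.appendChild(m);
</script>
</head><body><p>Variant B</p></body></html>"""

if __name__ == "__main__":
    for source, detail in find_noindex(SAMPLE_HTML, SAMPLE_HEADERS):
        print(f"{source:7} {detail}")
```

Run it twice per URL when a CDN is in front of the site, once against the origin and once against the edge, so that a stale cached copy still carrying the tag shows up as a difference between the two results.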

Progress Planner Integrates with Yoast SEO for Enhanced Optimisation

The Progress Planner WordPress plugin has integrated with Yoast SEO, allowing users to optimise their website’s search performance. The plugin, developed by the same team that created Yoast SEO, aims to help WordPress users keep their websites at their best. The new functionality extends the plugin’s usefulness by incorporating SEO. It offers personalised suggestions on how to configure the Yoast SEO plugin for maximum performance. Progress Planner’s assistant, Ravi, will provide smart recommendations and check whether Yoast SEO users have configured their plugin settings properly. This is a new piece of functionality, with many more planned.

Automattic to Lay Off 16% of Workforce Despite Growth

Matt Mullenweg has announced that Automattic will lay off 16% of its employees to increase productivity and investment capacity. The company is currently in a period of growth and profitability, six months after over 8% of employees resigned. The decision is not driven by survival or by avoiding decline but by a wish to become more profitable, squeezing more juice out of fewer oranges. Those being let go may have enjoyed working at the company enough to have declined the severance package offered six months ago. Former Automattic software engineers have been posting on LinkedIn seeking new jobs, with one Special Projects Engineer, Mike Straw, expressing his desire to reconnect with the company and seek new opportunities.

Rising AI Crawler Traffic: Impact on Website Performance and Analytics

Website operators are experiencing increased activity from AI web crawlers, raising concerns about site performance, analytics, and server resources. These bots consume significant bandwidth collecting data for large language models, and the load can affect search rankings. AI crawlers from companies like OpenAI, Anthropic, and Amazon generate about 20% of Google’s search crawler volume over the same period. Heavy bot traffic also distorts analytics data, with general invalid traffic (GIVT) rising by 86% in the second half of 2024 due to AI crawlers. Identifying and managing these crawlers presents a further challenge, as traditional blocking methods prove increasingly ineffective. To manage resource-intensive crawlers, website owners and SEO professionals should audit server logs, consider adding a Google-Extended rule to robots.txt, adjust analytics filters, and investigate advanced mitigation options for severely affected sites.
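
The log audit and robots.txt step recommended above, as an added Python example that is not from the article. It assumes combined-format access logs (sample lines constructed, with TEST-NET addresses and shortened user-agent strings) and identifies the crawlers by their published user-agent tokens (GPTBot, ClaudeBot, Amazonbot); Google-Extended is a robots.txt token rather than a user agent, so it appears only in the generated fragment.

```python
"""Audit combined-format access logs for AI crawler load and emit a robots.txt
fragment. Added example, not from the article."""
import re
from collections import defaultdict

# Apache/nginx combined log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Published user-agent tokens for the vendors the article names.
AI_CRAWLER_TOKENS = {"GPTBot": "OpenAI", "ClaudeBot": "Anthropic", "Amazonbot": "Amazon"}


def parse_line(line):
    """Parse one log line into a dict, or None if it is not combined format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def classify(user_agent):
    """Vendor name if the user agent declares a known AI crawler, else None."""
    for token, vendor in AI_CRAWLER_TOKENS.items():
        if token in user_agent:
            return vendor
    return None


def audit(lines):
    """Tally requests and bytes per AI crawler vendor and their share of all hits."""
    total_requests = total_bytes = 0
    per_vendor = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the audit
        total_requests += 1
        total_bytes += rec["bytes"]
        vendor = classify(rec["ua"])
        if vendor:
            per_vendor[vendor]["requests"] += 1
            per_vendor[vendor]["bytes"] += rec["bytes"]
            per_vendor[vendor]["hosts"].add(rec["host"])
    ai_requests = sum(v["requests"] for v in per_vendor.values())
    return {
        "total_requests": total_requests,
        "total_bytes": total_bytes,
        "ai_requests": ai_requests,
        "ai_share": ai_requests / total_requests if total_requests else 0.0,
        "per_vendor": {
            vendor: {"requests": v["requests"], "bytes": v["bytes"], "hosts": sorted(v["hosts"])}
            for vendor, v in per_vendor.items()
        },
    }


def robots_fragment(agents):
    """robots.txt rules opting the named agents out of the whole site.

    Google-Extended governs whether crawled content may be used for Google's
    AI models; it is separate from Googlebot's search crawling."""
    return "".join(f"User-agent: {agent}\nDisallow: /\n\n" for agent in agents)


# Constructed sample log (TEST-NET addresses, shortened user-agent strings).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/May/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '203.0.113.11 - - [10/May/2025:10:00:02 +0000] "GET /blog/post-1 HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (compatible; GPTBot/1.2)"',
    '203.0.113.12 - - [10/May/2025:10:00:03 +0000] "GET /blog/post-2 HTTP/1.1" 200 8000 "-" "Mozilla/5.0 (compatible; ClaudeBot/1.0)"',
    '203.0.113.11 - - [10/May/2025:10:00:04 +0000] "GET /blog/post-3 HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (compatible; GPTBot/1.2)"',
    '203.0.113.13 - - [10/May/2025:10:00:05 +0000] "GET /products HTTP/1.1" 200 6000 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1)"',
    "this line is not in combined format",
]

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"AI crawlers: {report['ai_requests']}/{report['total_requests']} requests "
          f"({report['ai_share']:.0%})")
    for vendor, stats in report["per_vendor"].items():
        print(f"  {vendor:10} {stats['requests']} requests, {stats['bytes']} bytes, hosts {stats['hosts']}")
    print(robots_fragment(["Google-Extended", "GPTBot"]))
```

User-agent strings are self-declared, so treat the per-vendor totals as a starting point and confirm the heaviest hitters against the vendor’s published address ranges or reverse DNS before acting on them; a robots.txt rule only restrains crawlers that honour it, which is why the article also points to analytics filters and stronger mitigation for badly affected sites.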

HUMAN Introduces Sightline for Enhanced Bot Activity Analysis

Cybersecurity company HUMAN has introduced a new feature called HUMAN Sightline for its HUMAN Application Protection service. The feature lets users defend their SaaS applications with detailed analyses of attacker activity and tracking of changes in bot behaviour. It is available at no additional cost as a component of Account Takeover Defence, Scraping Defence, and Transaction Abuse Defence. HUMAN Sightline is a secondary detection engine that uses purpose-built AI to analyse all malicious traffic in aggregate after the initial block or decision is made. This allows the system to adapt to and learn from the attacker’s changing behaviour, so that it can continue tracking and blocking the attacker. The Human Defence Platform safeguards the entire customer journey with high-fidelity decision-making that defends against bots, fraud, and digital threats. The solution is aimed at enterprise-level businesses and higher education organisations, depending on their commitment to tracking bot traffic.

Severe Vulnerability Fixed in WP Migration Plugin

A high-severity vulnerability in the All-in-One WP Migration and Backup plugin has been discovered and patched, affecting over five million installations. The vulnerability requires no user authentication, making it easier for attackers to compromise a website, and has a severity rating of 7.5 (High), one level below the highest, Critical. It is an unauthenticated PHP Object Injection, which requires a user with administrator-level credentials to export and restore a backup with the plugin in order to trigger the exploit. The plugin processes potentially malicious data during backup restoration without properly verifying it, but the need for an administrator to restore a backup makes exploitation less straightforward. Wordfence reports that the vulnerability affects versions up to and including 7.89, and users are recommended to update to the latest version, 7.90.
