Category Tech News & Tips

Tech News & Tips

WordPress deploys forced security update for dangerous bug in popular plugin!

WordPress deploys forced security update for dangerous bug in popular plugin More than one million WordPress sites were running a vulnerable version of the Loginizer plugin The WordPress security team has taken a rare step last week and used a…

Bella Ferato
Oct 22, 2020

Tech News & Tips

WordPress 5.6 Release Team Pulls Plug on Block-Based Widgets

WordPress 5.6 Release Team Pulls Plug on Block-Based Widgets One week ago, WordPress 5.6 release lead Josepha Haden seemed to agree that it would be ready. However, things can change quickly in a development cycle, and tough decisions have to…

Bella Ferato
Oct 21, 2020

Tech News & Tips

Always Up. Always On. Always Here For You!

Always Up. Always On. Always Here For You! Start your Technology Adventure with US!

Bella Ferato
Oct 21, 2020

Tech News & Tips

FREE! VPN Tested BY USL Admins

Yes Totally Free VPN tested by USL Admins. Able to watch Netflix in other countries etc..

Bella Ferato
Oct 21, 2020

Tech News & Tips

Nokia is building a 4G network on the moon

Nokia is building a 4G network on the moon Telecom equipment supplier Nokia is building a 4G network on the moon to help astronauts control lunar rovers, navigate lunar geography in real time, and stream videos. NASA gave Nokia-owned Bell…

Bella Ferato
Oct 20, 2020

Tech News & Tips

Google can now help you figure out that song stuck in your head — you just have to hum into your phone

Google just launched its “hum to search” feature, which allows users to hum, whistle, or sing for 10-15 seconds in order to identify a song. The feature currently works in 20 languages, and Google hopes to add more. Google has…

Bella Ferato
Oct 20, 2020

Tech News & Tips

Circuit sensor tattoos: The future of bio-metrics

Circuit sensor tattoos: The future of bio-metrics Wearable circuit tattoos may soon be a revolutionary technology that could help monitor one’s health. Scientists from Penn State University who developed the circuit sensor tattoos were able to print circuits directly onto…

Bella Ferato
Oct 17, 2020

Tech News & Tips

Demo Radio Click On Play Button to Listen!

Demo Radio Click On Play Button to Listen

Bella Ferato
Oct 17, 2020

Tech News & Tips

Did you Know?

Did you know? Most internet traffic isn’t from real humans. About 51% of internet traffic is non-human. Over 30% is from hacking programs, spammers, and phishing. Be careful with your computer security!

Bella Ferato
Oct 17, 2020

Tech News & Tips

Uni-lab Hardware Supplier, our go to Company G-tec

Uni-lab Hardware Supplier, our go to Company G-tec Contact Gideon 066 238 0550 today Email: gideon@sa-gtec.co.za Website: I Supply & Deliver to your Door.

Bella Ferato
Oct 12, 2020

Universal Solutions Lab - Internet Services

17 hours ago

Facebook & Instagram embeds on WordPress break soon

yoast.com/facebook-instagram-embeds-broken/

Some time ago, Facebook announced that it would change the way it handles embeds on other sites. From October 24, you can no longer simply paste your links in WordPress to make your Facebook and Instagram content appear on your site. Because of this matter, WordPress has to drop support for the Facebook oEmbed API. Now, you have to switch to a Facebook developer account and register an app to get an access token. Luckily, there are easier ways to keep your embeds working.

What will happen?
Up until now, you could simply paste a link to a Facebook or Instagram post in your WordPress post. WordPress would take that URL and automatically turn it into a nice looking embed. As of October 24, this is no longer possible without some work from your end. Also, not doing anything might mean your current embeds stop working as well. There’s a chance some of the content you’ve embedded content on your pages breaks.

Why is this happening?
There is an open standard to make sure embeds work well everywhere and that is called oEmbed. By using this, every platform can authenticate shared content in a similar way. Unfortunately, Facebook will now drop support for oEmbed and require users to use its own API’s.

That’s all fine, but WordPress as a platform can’t follow that move. WordPress cannot sign you up for that Developer account and register itself as an app. WordPress can’t claim ownership over that app, so that’s why this feature will be dropped from core in WordPress 5.5.2.

Next week, your Facebook and Instagram embeds will probably stop working and you will need to take the necessary steps to prevent this from happening — and to keep that easy way to embed your Facebook and Instagram content on your WordPress site.

What can you do?
To keep everything working, Facebook would really like you to put in the effort. Their solution is for you to sign up for a Developer account, register an app, add an oEmbed Product to that app, create an access token, et cetera, et cetera. You can find more on Facebook’s oEmbed documentation.

As you can see, that’s simply not a viable option for most people. So, what are your options to get embeds working like they used to?

Use Facebook’s method, which is complicated and messy.
Use the oEmbed Plus WordPress plugin that reinstates embedding for Facebook and Instagram content. While easier, this still requires you to go through the process of registering a Facebook developer account and create an app ID.
Use Smash Balloon’s updated Facebook and Instagram plugins. These plugins fix the oEmbed issue, while keeping all your existing content working. The free versions of these plugins work well, but the paid Pro versions have many more features should you need them.
Use Jetpack: For Jetpack 9.0, the development team worked with Facebook to provide a simple way to make everything work and to keep it that way. All you need to do is connect your site to Jetpack. ... See MoreSee Less

Facebook & Instagram embeds on WordPress break soon • Yoast

yoast.com

Facebook changed how it handles embeds, but WordPress can't support the new method natively. Luckily, you can re-enable FB & Instagram embeds

View on Facebook

View Comments

Likes: 0
Shares: 0
Comments: 0

Comment on Facebook Facebook changed how...

Universal Solutions Lab - Internet Services

19 hours ago

OMG! You have to see this. Just Incredible!
Mind-Blowing Modern Tiny Tree House Built with Reclaimed Materials - FULL TOUR
youtu.be/WGaICSbCr1c ... See MoreSee Less

View on Facebook

View Comments

Likes: 0
Shares: 0
Comments: 1

Comment on Facebook This epic 2-storey ...

Universal Solutions Lab - Internet Services

20 hours ago

Have a great Friday, Let's roll Baby!😎🤣 ... See MoreSee Less

View on Facebook

View Comments

Likes: 1
Shares: 0
Comments: 1

Comment on Facebook Have a great Friday,...

Have a great Friday, Let's roll Baby!😎🤣

Universal Solutions Lab - Internet Services

2 days ago

Faster than a Bugatti! The SSC Tuatara sets a ridiculous new record, and it costs R26.5m
Meet The Hypercar That Has Room For The Kids

Meet the $1.7 million hypercar that has room for the kids. The Koenigsegg Gemera, unveiled March 2020, is described as "The world's first Mega-GT". Ii is the swedish company's first four-seater. The Gemera goes from 0 to 100 KM/H in 1.9 seconds.

youtu.be/N22JfNHiC1k ... See MoreSee Less

View on Facebook

View Comments

Likes: 0
Shares: 0
Comments: 0

Comment on Facebook Top Gear can ...

Universal Solutions Lab - Internet Services

2 days ago

📌WordPress deploys forced security update for dangerous bug in popular plugin
More than one million WordPress sites were running a vulnerable version of the Loginizer plugin📌

www.zdnet.com/article/wordpress-deploys-forced-security-update-for-dangerous-bug-in-popular-plugin/

The WordPress security team has taken a rare step last week and used a lesser-known internal capability to forcibly push a security update for a popular plugin.

WordPress sites running the Loginizer plugin were forcibly updated this week to Loginizer version 1.6.4.

This version contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.

Loginizer is one of today's most popular WordPress plugins, with an installbase of over one million sites.

The plugin provides security enhancements for the WordPress login page. According to its official description, Loginizer can blacklist or whitelist IP address from accessing the WordPress login page, can add support for two-factor authentication, or can add simple CAPTCHAs to block automated login attempts, among many other features.

SQL INJECTION DISCOVERED IN LOGINIZER
This week, security researcher Slavco Mihajloski disclosed a severe vulnerability in the Loginizer plugin.

According to a description provided by the WPScan WordPress vulnerability database, the security bug resides in Loginizer's brute-force protection mechanism, enabled by default for all sites where Loginizer is installed.

To exploit this bug, an attacker can try to log into a WordPress site using a malformed WordPress username in which they can include SQL statements.

When the authentication fails, the Loginizer plugin will record this failed attempt in the WordPress site's database, along with the failed username.

But as Slavco and WPScan explain, the plugin doesn't sanitize the username and leaves the SQL statements intact, allowing remote attackers to run code against the WordPress database — in what security researchers refer to as an unauthenticated SQL injection attack.

"It allows any unauthenticated attacker to completely compromise a WordPress website," Ryan Dewhurst, Founder & CEO of WPScan, told ZDNet in an email today.

Dewhurst also pointed out that Mihajloski provided a simple proof-of-concept script in a detailed write-up published earlier today.

"This allows anyone with some basic command-line skills to completely compromise a WordPress website," Dewhurst said.

FORCED PLUGIN UPDATE RECEIVES PUBLIC BACKLASH
The bug is one of the worst security issues discovered in WordPress plugins in recent years, and it's why the WordPress security team appears to have decided to forcibly push the Loginizer 1.6.4 patch to all affected sites.

Dewhurst told ZDNet that this "forced plugin update" feature has been present in the WordPress codebase since v3.7, released in 2013; however, it has used very rarely.

"A vulnerability I myself discovered in the popular Yoast SEO WordPress plugin back in 2015 was forcibly updated. Although, the one I discovered was not nearly as dangerous as the one discovered within the Loginizer WordPress plugin," Dewhurst said.

"I'm not aware of any other [cases of forced plugin updates], but it is very likely that there have been others," the WPScan founder added.

But there's a reason why the WordPress security team doesn't use this feature for all plugin vulnerabilities and uses this only for the bad bugs.

As soon as the Loginizer 1.6.4 patch started reaching WordPress sites last week, users started complaining on the plugin's forum on the WordPress.org repository.

"Loginizer has been updated from 1.6.3 to 1.6.4 automatically although I had NOT activated this new WordPress option. How is it possible?," asked one disgruntled user.

"I have the same question too. It has happened on 3 websites I look after of which none of them have been set to auto update," said another.

Similar negative feedback was also seen back in 2015 when Dewhurst first saw the plugin forced update feature being deployed by the WordPress team. ... See MoreSee Less