
Security and Maintenance Release from WordPress as Version 5.1.1

March 13, 2019/in Industry News, WordPress/by Vinay Bansal

A new WordPress version, 5.1.1, is available to the community. This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

Highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • A pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
  • Several minor bug fixes.

WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two-week release cadence.

You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.


Display Widgets WordPress Plugin contains Malicious Code to Publish Spam

September 15, 2017/in Industry News, WordPress/by Vinay Bansal

If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor.

The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin. During the past three months the plugin has been removed and readmitted to the WordPress.org plugin repository a total of four times. The plugin is used by approximately 200,000 WordPress websites, according to the WordPress repository. During the past months you would have been warned several times, with a ‘critical’ level warning from the WordPress repository, that this plugin had been removed.

It turns out that this plugin did have “unknown security issues”. Let’s start with a timeline of what happened to Display Widgets, why it was removed three times from the repository and allowed back in each time and then finally removed again a fourth time a few days ago.

The malicious code is not an exploit. It is a backdoor giving the author access to publish content on websites using the plugin. Thanks to the active WordPress community, which immediately informed WordPress, the plugin was removed from the repository right away.

Could This Have Been Accidental?

It is worth considering that the plugin author may have accidentally included an external library that contained someone else’s malicious code without realizing it. As per our recent study, it was deliberate and done by the new owner of the plugin, who purchased it from the original author a few months back.

We shall be releasing a video blog with a closer inspection that goes into the root of this breach. Please keep an eye out for it.

 


Gutenberg and the buzzword around it…

September 5, 2017/in Industry News, WordPress/by Vinay Bansal

WordPress’s growth is impressive (28.5% and counting) but it’s not limitless, at least not in its current state. We have challenges (user frustrations with publishing and customizing, competition from site builders like Squarespace and Wix) and opportunities (the 157 million small businesses without sites, aka the next big market we should be serving). It’s time for WordPress’ next big thing, the thing that helps us deal with our challenges and opportunities. The thing that changes the world.

Automattic has been moving towards offering better support for small businesses with its acquisition of WooCommerce in 2015 and steady commercialization of Jetpack, with plans targeted at business owners. The company is confident it can capture even more of the self-hosted small business market by allowing customers to tap into WordPress’ third-party ecosystem. So they need to beat the competition and look for a solution or feature that makes users comfortable publishing and designing content.

And that’s Gutenberg. There is a lot of confusion and debate going around it, and people get more disorganized about it with each passing day…

However, many vocal opponents of Gutenberg fear the changes that will come along with it and are concerned that the project is being developed essentially to serve Automattic’s customers and corporate interests. Those who build websites for clients have expressed concerns about how Gutenberg will affect their businesses or whether the brand new interface will drive users away from WordPress. Developers and product owners are eagerly awaiting more answers on what it means for existing plugins and themes in the ecosystem, as the project has yet to iron out some of the more technical details regarding extensibility and support for metaboxes. This naturally raises concerns about Gutenberg’s timeline.

As per Matt Mullenweg, Gutenberg will ship with WordPress 5.0 if not 4.9, “but the release will come out when Gutenberg is ready, not vice versa,” Mullenweg said. “We still have target dates to help us think about scope and plan for all the supporting documentation, translation, and marketing efforts, but we’re not going to release anything until Gutenberg becomes what its team wants it to be.”

“My life’s work is improving WordPress,” Mullenweg said. “I firmly believe that Gutenberg is the direction that will provide the most benefit to the maximum number of people while being totally in line with core WordPress’s philosophies and commitment to user freedom.” He asked people to keep giving them feedback, and offered to push through the fear together.

“I am a firm believer that it’s worth a little discomfort to change the world.”

However, it not only moves the WordPress ecosystem forward, but also moves the whole web forward. Which is scary! Because change always is, and this is a big one. But a scary thing is usually a thing that leads to growth, if you can push through it. Ten years ago, agencies and developers worried that software like WordPress would ruin their business because clients wouldn’t need help updating their sites any more, and would maybe even just start building their own sites. But their worst fears didn’t come true — instead, it created new opportunities for everyone.

Ok we agree…

Gutenberg is an exciting, ambitious project, but one that I am perhaps not entirely sure is necessary. If WordPress core is going to fundamentally change the way I create content without giving me a choice, I want as much information and user research data as possible to convince me that it’s the better option. It may seem odd that these questions and concerns are being raised six months into the project, but at the same time, development has moved so fast that it feels like the opportunity to have them addressed at the beginning was missed.

Revamping the editor experience is a massive undertaking and, six months in, it’s not better than the editor I use today. It will need to address a lot of issues if it’s going to beat the current WordPress editor itself, let alone the competition from other editors. Additionally, Gutenberg needs as many testers as possible if it’s going to be the best editor in its class. For instructions on how and what to test, read the Gutenberg testing guide on the Make WordPress Testing site.

Gutenberg has been in development for six months and is ready for testing, but its developers do not recommend using it on production sites. If you install the beta version and play around with it, at first glance it may appear that WordPress is trying to copy its more recent competitors (Medium, Squarespace, Wix, and others) to keep pace, but the 14-year-old software has offered many of these content capabilities for years.

And I strongly believe that the developers of Gutenberg need to think in more depth, and more techno-creatively, in order to make it compete with other editors and to make more sense if they are aiming it at website design, if not at general publishing at all.

We can’t really conclude this discussion as of now, as we need to see more of Gutenberg and its progress as a tool for publishing, and to study the ultimate motive of Automattic. We will leave this discussion open and will publish more on it. I would like to hear from you on this. Please feel free to leave your comment.


WannaCry Ransomware: How to protect yourself

May 16, 2017/in Industry News/by Vinay Bansal
