50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Introduction: A critical vulnerability was discovered in a widely-used WordPress backup plugin, putting approximately 50,000 websites at risk of Remote Code Execution (RCE) attacks. This security flaw highlights the ongoing importance of keeping WordPress plugins updated and maintaining strong security practices. What Happened? Security researchers identified a critical vulnerability in a popular WordPress backup plugin […]

AEGIS Encryption with PHP Sodium Extension

AEGIS is an AES-based family of authenticated encryption algorithms that are significantly faster than ubiquitous algorithms such as AES-GCM and CHACHA20-POLY1305. The Sodium extension in PHP 8.4 supports AEGIS-128L and AEGIS-256 encryption algorithms if the Sodium extension is compiled with libsodium 1.0.19 or later. The two encryption algorithms in the AEGIS family, AEGIS-128L and AEGIS-256, […]

Researcher hijacks popular Packagist PHP packages to get a job

A researcher hijacked over a dozen Packagist packages, with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer stating that by hijacking these packages he hopes to get a job. And, he seems pretty confident that this would work. At least 14 Packagist […]

How to Install/Upgrade PHP 8.3 on macOS with Homebrew

With a handful of new features such as typed class constants, granular Exceptions in the DateTime extension, the new json_validate function, functionality changes and improvements, and deprecations, PHP 8.3 is 2023’s major update to PHP. This article explains how to install or upgrade to PHP 8.3 on macOS using Homebrew. Shivam Mathur maintains two Brew […]

How to use Caddy Server with PHP

Caddy Server is a modular and modern web server platform that supports automatic HTTPS certificates, QUIC and HTTP/2, Zstd and Brotli compression, and various modern features as well as classic web server features such as configurable virtual hosts, URL rewriting and redirects, reverse proxying, and more. Caddy 2, the current version that was released in […]

Why You Should Update PHP in WordPress

WordPress and many WordPress hosts make updates easy with automation. Still, manual updates can be a hassle. Is upgrading PHP worth your time? Absolutely. The benefits of the latest PHP can be narrowed down to speed, security, and compatibility. Increased Speed: PHP developers update the language between releases to use resources more efficiently and introduce […]

HTTP/3 Request with PHP Curl Extension

HTTP/3 is the third major version of HTTP, and is based on QUIC. Unlike HTTP/1.1 and HTTP/2 which relied on TCP, HTTP/3 is based on a multiplexed UDP protocol named QUIC. HTTP/3, along with TLS 1.3, can provide huge performance and latency improvements. Although HTTP/3 changes a lot of transport layer semantics (e.g. the shift […]

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin ‘Gravity Forms,’ currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use for creating payment, registration, file upload, or any other form required for visitor-site interactions or transactions. On its website, Gravity Forms claims it is used by a […]

Security considerations when parsing user-provided INI strings and files

PHP provides the parse_ini_string and parse_ini_file functions, which reuse the built-in parser that PHP uses for its own INI-based configuration files. In addition to parsing the text, the INI parser supports inheriting system environment values and PHP constants declared by the time the text is parsed. Since PHP 8.3, it also supports a fallback value syntax […]

What’s New in PHP 8 (Features, Improvements, and the JIT Compiler)

PHP 8 was officially released to General Availability on November 26, 2020! This new major update brings many optimizations and powerful features to the language. We’re excited to walk you through the most interesting changes that will allow us to write better code and build more robust applications. The most acclaimed feature coming with […]