Welcome to Hot Web Dev August 2023, featuring the latest in web development at your fingertips. This month features an exposed WordPress plugin vulnerability and resources to help you build a WordPress block theme. As usual, we have our coding resources and our tool of the month. Enjoy.
Flaw Exposed in WordPress Plugin
A flaw inside the popular All-in-one WP Migration Plugin has left millions vulnerable to unauthorised access token manipulation.
An access token is a credential, usually in the form of a cryptographically generated string, that represents a user’s session or authentication state. Tokens are commonly used in web applications, API access, and many online services to determine whether a user or system has the right to access a particular resource.
If this is compromised, hackers can update or delete configurations for the plugin, which can lead to the exposure of sensitive information during migration. This could allow hackers to control third-party accounts or even restore malicious backups.
The flaw was first discovered in July by Patchstack and has since been patched. With over 60 million installations, those who don't keep track of updates or don't enable auto-update may still be at risk.
WordPress Block Theme Resources
Having just redesigned my blog theme, I decided to stick with the good old classic theme that I created a few years ago. I've not quite ventured into the modern WordPress way of block themes, but then who knows what will happen in a few years' time. Classic themes are not going away just yet.
The traditional classic theme features PHP templates that connect together (header, footer, etc.). These do have a potential disadvantage as they are all loaded at the same time. Modern WordPress themes use blocks of code which are only loaded when used. Stylesheets no longer need to be enqueued as all the style and typography are handled in JSON files.
One positive to block themes is that you don’t need any knowledge of how to build a website. Low or No Code is really popular just now so it’s entirely up to you on which method you choose.
There are lots of resources to choose from this month. If you want to learn Python for free, there is an abundance of written and video tutorials. I came across an impressive 12-part Python series to start your programming journey. It features the basics right up to modules, packages and file handling. Elsewhere, freeCodeCamp has teamed up with Microsoft to offer a free C# certification. If you are interested in learning how to build games in Unity, then C# is the language to learn.
Web Tool Of The Month
If you are privacy-focused then you will like the tool of the month. Google Fonts no more, switch to Bunny Fonts instead. The open-source fonts platform is a privacy-first service that aims to put privacy back into the internet. It offers zero tracking and logging and complies with GDPR laws.
As a drop-in replacement for Google Fonts, the fonts are free to use in commercial and personal projects. Some fonts have a different license which requires the use of an attribution but this is stated within the font family page. The API is as simple to use as Google Fonts so perhaps it’s time to switch.
The Best of the Rest in August 2023
- Essential WordPress Block Theme Features for Web Designers
- What Is Headless WordPress? Should You Switch to It?
- How to Perform an SEO Audit for WordPress
- WordPress is a Foundation, Not a Framework
- The Future of WordPress & What’s Next for Gutenberg