Chad Butler

Wordfence announces critical vulnerability in Litespeed Cache

Chad Butler · Aug 21, 2024 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

Recently, the Wordfence Threat Intelligence team announce a critical vulnerability in the Litespeed Cache plugin. This is a privilege escalation vulnerability, which means that an attacker who gains access as a low level user can exploit the vulnerability to gain admin rights on an affected site.

I am pointing this out because I know a lot of WP-Members’ users also utilize cache plugins, which can include Litespeed Cache. If you’re one of those users, please make sure that you update your version of Litespeed cache to a version higher than 6.3.0.1 as all other versions are vulnerable.

You can read more about this reported vulnerability here:

Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin (wordfence.com)

WP-Members Advanced Options 2.3.2

Chad Butler · Jul 2, 2024 ·

A new version of WP-Members Advanced Options has been released.

This update is to add a new feature: customize the native WP login.

This is an initial rollout of what I expect will be expanded upon later. This provides a way to very easily customize the native WP login.

This initial rollout allows you to choose from either a “light” or “dark” native theme or to load your own custom stylesheet. You can also specify your own logo file.

I’ll be expanding this in future releases to allow for more direct customization via the admin panel.

Part of the reason for this is to simplify things for users who need to implement 2 factor authentication (2FA). Most 2FA plugins integrate with the native WP login. For WP-Members users, that requires redirecting blocked content to the WP login, which isn’t exactly “pretty”.

Now, with the Advanced Options, you can not only easily set blocked and restricted content to redirect to the WP login (and redirect back to the originally requested content), but you can “pretty it up” without having to customize it yourself (although you can filter the stylesheet used to implement your own colors, fonts, spacing, etc).

Using a Code Snippets Plugin

Chad Butler · Jun 10, 2024 ·

For users not comfortable with adding code snippets by other means, a code snippets plugin manager can be a great tool. Actually, it can be a great tool for other users, too.

One of the most commonly used code snippets plugins is the aptly named “Code Snippets“. The plugin allows you to add custom code snippets as well as manage the code snippets you have added.

Some of the features include:

Ability to activate/deactivate code snippets
Ability to set code snippets to run only once (useful for utility scripts that manage user or post data)
Screening of code snippet syntax so that an invalid code snippet does not crash the site.

You can get the plugin through the WordPress plugin panel by searching for “Code Snippets” or download it from wordpress.org: Code Snippets – WordPress plugin | WordPress.org

WP-Members PayPal Subscriptions 0.9.9

Chad Butler · May 31, 2024 ·

The WP-Members PayPal Subscriptions extension version 0.9.9 has been released. This update contains some important changes from the previous production version. All users should update.

Continue Reading →

WP-Members Download Protect version 1.9.8

Chad Butler · May 2, 2024 ·

An update to the WP-Members Download Protect extension was released today as version 1.9.8.

This update includes some client library updates, a couple of new API functions, and an improvement to the download error page handling.

Continue Reading →