WordPress Cross-Site-Scripting Vulnerability

I just got a notice that the plugin GDPR Cookie Consent has an XSS vulnerability in it. Just released today:

This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry

Description: Improper Access Controls
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3

If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:

or search it out on the WordFence blog.

Thanks for visiting. Share this information with your developer friends! 🙂

Why email passwords are not enough

Do you have security on your email account? How much…a good password maybe? It’s not enough. And here is why…

Your email account gives access to ANY other account you may hold. If someone can access your email account, they can ‘verify’ and get into ANY of your online accounts. Maybe you think people don’t try? Well, that would be a very bad mistake. Here is my account that someone has been trying to get into unsuccessfully for 24 hours now. It’s been unsuccessful because #1, I have 2-step verification on my Microsoft account. And #2, because I have 2-step verification on, you need another ‘special’ password to set up email, because the regular password won’t work in an email setup if you have 2-step security turned on.

If you look at the image, you will see the protocol they were trying to access was/is IMAP …which is email. When the request hit my phone today, I changed the password to make it even more difficult, now they have to start over if they want to continue…but somehow they got my email password, or I would have never got a request on my phone. So that should be proof to you that passwords alone are not enough.

There are certain accounts that need to be protected harder than other accounts…these are banking, hosting, and email accounts. Don’t take chances with them. You may never need it for 5 years…but if you have it in place and use it regularly…the 1 time you do need it, it will protect you.

Call Everything I.T. if you need help with security. We can help you.

Hackers Are Not That Smart…

Don’t Fear Hackers, Just Protect, and Sleep At Night

I just wanted to write a brief post, in light of all the internet hacking and malware that is going on lately. There are some pretty nasty infections going around the web at the moment. But people shouldn’t fear them. If you have your security up tight, if you have done all the basics, and follow all the rules, life will go on, and everything will be ok. Most hackers are not actually that intelligent. Granted, there is a handful of extremely bright coders/programmers out there. But you need to know that this is NOT the majority of the crowd out there. The majority of the crowd falls into the category of what we like to call “script kiddies” …people with zero skills, who download malicious programs from the internet and the dark web (if they actually survive without getting hacked themselves) and attempt to put them to work.

WOW, this is AMAZING!

AMAZING launch returns boosters to the pad for the first time!

It’s not I.T. related, but being a veteran, and also working for both Lockheed Martin, and Astro Aerospace in the past, I have a great appreciation for these projects as well. In any regard, this is a tremendously amazing achievement, and glorious to observe. I watched this video on my TV …full screen! Don’t check out early, or you will miss the best part.

WordPress 5.1 Released Today

The latest version of WordPress, 5.1, has some great improvements. You will want to read about them:  (REF: https://make.wordpress.org/core/2019/02/08/wordpress-5-1-field-guide/ )  CHECK IT OUT!

  1. Cron Improvements with PHP-FPM in WordPress 5.1
  2. Cron API changes in WordPress 5.1
  3. Preparing WordPress for a JavaScript Future Part #1: Build Step and Folder Reorganization
  4. Build tools: We’ve enabled running WordPress from /src again
  5. New Styling for Admin Table Pagination Links in WordPress 5.1
  6. WordPress 5.1 String Changes in HTML/PHP Files

There are even more goodies in 5.1 like updates to values allowed for the WP_DEBUG_LOG constant, new test config file constant in the test suite, new plugin action hooks, short circuit filters for wp_unique_post_slug() and WP_User_Query and count_users(), a new human_readable_duration function, improved taxonomy metabox sanitization, limited LIKE support for meta keys when using WP_Meta_Query, a new “doing it wrong” notice when registering REST API endpoints, and more!

  1. Miscellaneous Developer Focused Changes in 5.1
  2. New function: human_readable_duration
  3. Improved taxonomy metabox sanitization in 5.1
  4. LIKE support for meta keys in 5.1
  5. New REST API Notice in 5.1

There are also a few additional changes that will receive a dev note shortly:

  • Object Caching can now degrade gracefully (#22661)
  • New parameter for the wp_check_filetype_and_ext filter (#45707)
  • New filter for filtering and overriding block attributes (#45451)

But Wait, There is More!

Over 303 bugs, 156 enhancements, 9 feature requests, and 23 blessed tasks have been marked as fixed in WordPress 5.1. Some additional ones to highlight include:

  • Bootstrap/Load: WSODs protection returns incorrect content type for JSON Requests (#45933)
  • Cache API: Allow object caches to degrade gracefully (#22661)
  • Customize: Improve browser compatibility of X-Frame-Options and Content-Security-Policy headers for window in preview iframe (#40020)
  • Customize: Use iframe sandbox attribute to restrict browsing in Customizer preview instead of attempting to rely on JS to intercept top navigation (#42341)
  • Customize: Fix counting of sections for widget sidebars, allowing non-sidebar sections to not interfere (#43556)
  • Customize: Prevent wp_targeted_link_rel() from corrupting Customizer changeset data (#45292)
  • Media: Parse the creation date out of uploaded audio files (#42017)
  • Media: No placeholder for ico file in list view of Media Library (#43458)
  • Media: media_handle_sideload() may unexpectedly return 0 on error (#44303)
  • Menus: Improve headings and instructions for better accessibility (#43397)
  • Menus: Show an appropriate message when no menus exist (#45155)
  • Networks and Sites: Improve site creation in multisite (#40364)
  • Networks and Sites: Introduce ms-site.php and ms-network.php files (#40647)
  • Networks and Sites: Implement wp_initialize_site() and wp_uninitialize_site() (#41333)
  • Plugins: Disable “Install Plugin” button for PHP required version mismatch (#43986)
  • Privacy: Show the comment / awaiting moderation message even without opt-in (#43857)
  • Query: post__in orderby not working when passed in an array to orderby (#38034)
  • REST API: Allow to filter the query in the search controller (#45454)
  • Taxonomy: Add un|registered_taxonomy_for_object_type action (#44733)
  • Users: New filter to short circuit WP_User_Query results (#44169)
  • Widgets: Make the Widgets screen “Enable accessibility mode” link more discoverable (#42778)
  • Widgets: Fix Gallery Widget preview after an image is deleted (#43139)
  • Widgets: Fix custom HTML widget editor content not updating after save (#43657)

Give the Gift of I.T.

Everything I.T.’s gift certificates make the perfect Christmas (or other occasion) gift for the person that is difficult to buy for, because they can be used for so many different things. If the recipient is non-technical, they can be used to set up email, for computer tutoring or training, or for remote technical assistance if they get in a jam they just can’t resolve on their own. It can be used for a computer repair, for home or business. For the more technical person, it can be used for computer hardware upgrades (for your favorite gamer) like graphics cards, hard drives, extra memory, or whatever. It can be used to help them get that website going that they know they need but haven’t been able to afford, or if they already have one, they can get upgrades to it, or even an annual maintenance contract. The best part is, you don’t have to choose. You just chip in, purchase the gift certificate, and let them use it however they want! It’s perfect really. There are very few people who can’t find some use for it. You can purchase the gift certificate for any amount you choose, from $35 and up. ($35.00 is still the minimum 1 hour rate for any job.) It’s perfect for young and old alike. I tutor students, and work with seniors, I’m very patient, and can help anyone who needs it to adapt to the technical era. Get one today!




What’s Next at Microsoft? What is Going Away Next? (Must Read)

So what’s up with Microsoft? Major changes, that’s what. I just read today that Microsoft is changing pace and direction yet again (good news if you are a stockholder, bad news if you are just trying to hang on with old technology). Starting this month, it’s closing doors to almost all of its Windows. Support for them anyway…they are stopping support for a whole list of stuff. You may want to take a look:

The support for the below products will be discontinued across different forums in the Community.

Windows 7, 8.1, 8.1 RT
Microsoft Security Essentials
Internet Explorer 10
Office 2010, 2013
Surface Pro, Surface Pro 2, Surface RT, Surface 2
Microsoft Band – this topic will be locked. Users are invited to participate in Microsoft Band 2 topic.
Mobile devices forum – Microsoft support will continue in “Other Windows mobile devices” topic
Zune – this topic will be locked, but will remain available for browsing

Microsoft Community participants are welcome, however, and encouraged to continue to use the forum to ask questions and post answers with “each other.” In other words, there won’t be any more “Microsoft” responses to questions and issues posted there. They are dumping everyone. See: Microsoft Support Forum Changes. Microsoft is moving even MORE to the cloud, and in some arenas, into the open-source industry as well.

Also, a new version of Office, Office 2019, is supposed to come out later this year, and will supposedly have the same life support as Office 2016 (but if you don’t have that, better get with the program). See: Office 2019.

Since the new CEO Satya Nadella joined the game in 2014, these shifts and acquisitions took place: $2.5 billion acquisition of Mojang, the Swedish maker of Minecraft shortly after his arrival, then in 2016 acquired Xamarin for a rumored $500 million, and then, announced just days before the cuts to product support, Microsoft’s $7.5 billion purchase of the world’s largest code repository, GitHub, underscores its commitment to open-source software development. Read the full article here: Microsoft closing Windows’ doors.

Have You Been Hacked? What Can You Do?

A video, 12 signs your computer has been hacked. It’s not the full list, but it’s the main list. If you “do” think that maybe your computer has been hacked, watch the video. It may be that something else is going on. But, if you watch the video, and after, you really are more convinced than ever you have been hacked, or some account has been hacked, and you don’t know what you should do next, you can call a professional. We deal with it all the time. It can be a scary situation, and even though you know you shouldn’t panic, it’s kind of hard not to. (especially if there is money involved) But fear not, help is out there. You can get in touch with Everything I.T. for one thing. (Or someone else, it doesn’t matter really, just call someone who can help you)

If you think you’ve been hacked, and you don’t know what to do, call Everything I.T. now at (805) 253-2034 (if you have internet you can hit the chat button and talk to someone right away.)

Cooling the World’s Fastest Supercomputer

So. How exactly DO you cool the world’s fastest supercomputer? With about 4,000 gallons of water a minute to cool 37,000 processors, that’s how. Summit, built by IBM, occupies floor space equivalent to two tennis courts, and was built for (owned by) Oak Ridge National Lab in Tennessee. That’s right, the US now holds that record again, after the Chinese grabbed it in June of 2013. When you build a computer like that, it kind of pays for itself I would think, as the world starts sending you all the problems smaller computers can’t solve fast enough. Summit has more than 1,000 petaflops of computing power, with a peak performance of 200 quadrillion calculations per second. If you want to read about some of the planned uses for Summit, READ HERE (link will take you off the site)

Everything I.T. builds computers also, just not quite that large. 🙂

Summit Supercomputer

Don’t Update Windows 10 Right Now

WARNING! HOLD OFF ON UPDATING WINDOWS 10 RIGHT NOW (APR/MAY 2018) !!

I’m advising people to postpone updating Windows 10 to the April 1803 update. It is crashing a LOT of machines …and doing it in such a way that they are not recoverable apart from reinstalling Windows. Make sure all your documents are backed up, and if you have backup software make sure you have an image of your hard drive. If you want to know what build you have, click on the Settings gear icon by the bottom of the start menu, type UPDATE in the search box at the top, and pull up the Windows Update settings page. Then look for the link that says “build info”. It should look like this:

Windows 10 Windows Update

After that, you should have this page:

Windows 10 Build Info

If it still says 1709 you are good. If it says 1803 and your machine didn’t crash, EVEN BETTER!! 🙂 But if it says 1709, you may want to pause your updates for a while. Or at least make sure you have really good backups. …and if the worst already happened, give us a call. We can rebuild it for you! 🙂 (and my sincerest sympathies to you)

EVERYTHING I.T.

(805) 253-2034

Whole NEW Version: WordPress 5.0 FINALLY Here!

EDIT: I just REALIZED that it didn’t update to 5.0. It WAS supposed to be a 5.0 update today. Maybe they had a bug with it and downgraded…it’s actually version 4.9.6 that got released, and I didn’t find out until I just noticed as I was doing my sites, that it was a different version than was supposed to be released today. So, I’m sorry for that, I guess they are still working it. Uggh, so sorry folks. So when they do finally release 5.0, you will really want to get it.

WordPress 5.0 is FINALLY here! Think about it…only up to the core version 5…this is a MAJOR update! If you didn’t upgrade earlier updates, you need to at least get this one, and get to the next whole version. It incorporates a whole new editor, and top, new, security features! If you didn’t know, Gutenberg “used” to be just a plugin editor. But it is now part of WordPress. It’s supposed to make your editing easier. For those of you who don’t know CSS and HTML, it supposedly does more for you with just the visual editor / drag and drop if you will. There are plenty of places to read about it, just Google “Gutenberg WordPress Editor”. One of the great new features is “block editing” …which before, you had to get a heavy theme with something incorporated if you wanted a feature like this.

In addition to the editor, it has better security (every WordPress update increased security some, so they are always important to update) but it also has a better background image cropping/editor, and better Mobile Optimization as well. You are definitely going to want to look into this and update right away. If you want a safe update, you can call us, and we will make sure you get all the files AND the database backed up both prior to, and after the update if you want. We like to do things safely at Everything I.T.

And by the way, SSL certificate installations are STILL ON SALE. If your website is not HTTPS:// instead of HTTP:// you NEED to get a hold of us RIGHT AWAY! You are losing customers. Google has been putting you at the END of the search results if you have not converted to an encrypted connection. LET us fix that for you PLEASE. It will help your business!!! And if you want help updating your site, just go to the contact page, or hit the chat button. 🙂

If you want to purchase this deal to get an SSL certificate installed on your site, click here, and order it now:

FIRST put your info so we can reach you after your purchase…


THEN: Click the BIG BUTTON to make your SECURE purchase/order !


Special on SSL Certificate Installations!

SSL Installation: Special price -limited time only!

$65 for installation with cost of certificate INCLUDED. (usually separate cost)

If you don’t have an SSL certificate on your website, your site likely looks like this first image (on a Mac):  The next 5 are examples of other various displays of sites without SSL, on various browsers

No SSL, Needs SSL, or HAS SSL      

The main point is this: without an SSL certificate, you won’t have the GREEN PADLOCK next to your site’s URL (web address) and you are losing traffic, and BUSINESS. Not to mention that Google now “bottom ranks” insecure (non-SSL) websites. That’s right, you go to the VERY BOTTOM of the page ranking results, displaying probably, somewhere around page 10 in the search results if someone searches for your business with Google. Sometimes even warnings are displayed recommending people NOT navigate to your website. Those can look something like this:

Or, maybe you find yourself in this situation: You may actually HAVE an SSL certificate on your website, but still don’t have the GREEN PADLOCK on your address bar, indicating it is secure. If you have THIS particular issue, I can fix that also. It has to do with having mixed content, and I can fix it, you should call me. (it will be a different price, so don’t use this button though) If you DO have an SSL certificate, and the HTTPS:// address works, but you still don’t have a green padlock, your site will look something like this:

Mixed Content

NOTE: If you already have a certificate, or if you choose to purchase your own from a different provider, the cost of installation is still $65, which is a discount from the $75, which is a discount from the original price of $100.

If you want to purchase this deal to get an SSL certificate installed on your site, click here, and order it now:

FIRST put your info so we can reach you after your purchase…


THEN: Click the BIG BUTTON to make your SECURE purchase/order !

