WordPress 6.4.3 Security Update
Ram Gall @ wordfence.com • 1 year ago
Today’s WordPress 6.4.3 update contained security patches for two minor issues in core.
Aaron Jorbin @ make.wordpress.org • 1 year ago
A maintenance release of 6.4.3 is being prepared and is currently targeted for January 30th.
Stephen Bernhardt @ make.wordpress.org • 1 year ago
It is good to see that the number of contributors and people making their first contribution to core continues to increase year over year. Other interesting stats show the number of contributors by country and contributions by company.
Calvin Alkan @ snicco.io • 1 year ago
Following up on his article about authentication cookies, Calvin Alkan does a deep dive on WordPress salts. The salt keys are found in the WP Config file, and people often wonder what they are and whether we need to do something in relation to them. All of that and more in this technical article.
Calvin Alkan @ snicco.io • 1 year ago
As shared here earlier, Thomas J. Raef recently released an analysis of hacked WordPress sites and found a significant number are hacked because session cookies were stolen due to the user’s computer having malware. One outcome from that research is the importance of logging out of sites and not just closing the browser.
In this article Calvin Alkan provides a deep dive into how WordPress sessions work. He found that WP session management provides good protection against Cross-Site Scripting attacks and session fixation, but does not protect against session hijacking from local devices. Calvin’s suggestion is to decrease the lifetime of WordPress sessions to help prevent session hijacking.
Anne McCarthy • 1 year ago
The WordPress 6.5 roadmap – Kind of an interesting random mix. There is mention of a Custom Fields API, but reading on that one it seems up in the air and seat of the pants.
Aaron Jorbin @ wordpress.org • 1 year ago
WordPress 6.4.2 is rolling out. It includes 7 bug fixes and 1 security update. The explanation for the security item is:
“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”
Chloe Bringmann @ make.wordpress.org • 1 year ago
This 6.4 retrospective survey had some interesting responses that give insight into the release process and possible changes.
Rich Tabor @ automattic.design • 1 year ago
This article has a bit of a behind the scenes look at the creation of the Twenty Twenty-Four theme.