The WordPress Update: Major Vulnerabilities And Lower WP Engine Prices

The WordPress Update January 2020

Hey WordPress friends, we are checking in with our first batch of WordPress news for 2020 with the January 2020 edition of The WordPress Update.

If you’re not already familiar with The WordPress Update, it’s our monthly WordPress news roundup where we share everything that’s happening in the WordPress community, as well as our thoughts on the latest stories. Then, we post it here on the blog and send it out to our newsletter subscribers.

If you want to stay on top of the latest WordPress news and make sure you get all the future versions of The WordPress Update, the best thing to do is to sign up for the newsletter.

There might be a bit of a holiday hangover going on because there wasn’t really any big WordPress news this month. There were no new WordPress updates (lowercase “u”), nor were there any big acquisitions or changes.

Still, we did round up some noteworthy news. One of the most popular managed WordPress hosts lowered its prices (WP Engine), GiveWP users hit a wild milestone, and there were some notable security vulnerabilities.

Keep reading for a look at everything that happened in the WordPress space in January 2020…

GiveWP users collectively raise over $100 million

If you’re not familiar, GiveWP is one of the most popular WordPress charity/fundraising plugins. People can use it to set up dedicated fundraising campaigns to solicit donations…which they’ve apparently been quite successful at!

In January, the GiveWP team published an impressive stat:

Collectively, users of GiveWP have officially raised over $100 million.

The actual number might even be higher because the GiveWP team only has access to data for transactions processed through PayPal and Stripe, while GiveWP supports other payment gateways.

Overall, this is just a neat reminder of how widespread and powerful WordPress is. It’s not just for blogs – you can use it to raise millions of dollars!

To learn more, check out WP Tavern’s coverage of the milestone.

WP Engine lowers prices

Usually, price increases are just a way of life. Over time, prices go up – that’s how inflation works!

Well…not always…because WP Engine just lowered the prices on all of its entry-level plans.

Now, the Startup plan costs $27 per month when billed monthly or $22.50 per month when billed annually. Previously, it cost $35 per month with monthly billing, so this is a solid price decrease.

Personally, I think this was necessary, and maybe the result of WP Engine feeling the heat from competitors.

Kinsta, the host that we use here at WP Superstars, had been offering a superior product (in my opinion) at a lower entry price ($30 per month billed monthly or $25 per month billed annually).

Now, the tables have turned and WP Engine comes in a little bit underneath Kinsta, which makes the decision not quite as clear anymore.

If we’re lucky, maybe Kinsta will feel the heat as well and go down to match WP Engine. I guess that’s the beauty of competition!

The new pricing is live, so you can check it out on the WP Engine pricing page.

Major vulnerabilities (since patched) found in InfiniteWP and WP Time Capsule

InfiniteWP and WP Time Capsule are two popular plugins from the same developer. InfiniteWP lets you manage multiple WordPress sites from a single dashboard while WP Time Capsule is a popular automatic backup solution.

In January, WebARX discovered a critical vulnerability in both plugins that could let a malicious actor log in as an administrator without entering a password.

To their credit, the developer moved quickly to fix the issues and had them patched within the next day.

But if you use either of these plugins, it’s essential that you make sure you’re using the latest version to protect yourself from the vulnerability.

Again, the security issue has been patched – you just need to update.

iThemes WordPress vulnerability roundup for January 2020

Speaking of WordPress vulnerabilities, iThemes also recently published its WordPress vulnerability roundup for January 2020.

In addition to the vulnerabilities in WP Time Capsule and InfiniteWP, iThemes also features vulnerabilities in 23 plugins and seven WordPress themes, including:

  • LearnDash
  • Quiz and Survey Master
  • Donorbox
  • 301 Redirects

Pretty much all of these vulnerabilities have since been patched – just make sure you’re using the latest version of these plugins on your site so that you’re benefiting from the security fixes.

What to watch for in WordPress in 2020

Where is WordPress going in 2020? That’s what the folks at tried to answer with some WordPress hot takes and a roundup of events and scheduled releases.

After reading this post, you’ll have a better idea of what’s in store when it comes to WordPress events and plugin releases in 2020.

WordCamp Houston is coming back after 10 years

If you’re a WordPress fan living in Houston, Texas, I have great news for you!

WordCamp Houston will officially be returning in 2020 after a 10-year hiatus.

The event is scheduled for May 9-10 and the organizers expect 250-300 attendees.

As with any WordCamp event, the tickets will be quite affordable.

To learn more about the event, you can check out the official WordCamp Houston page.

Kinsta updates its PHP 7.X Benchmarks

Kinsta keeps a detailed collection of WordPress benchmarks for different PHP versions.

In January, the Kinsta team updated their benchmarks to include PHP 7.4, the latest version.

As you’d expect, PHP 7.4 offers another small bump in performance, processing over 20% more requests per second than PHP 7.1.

This is another good reminder to always use a recent version of PHP if you want your WordPress site to load quickly and reliably.

The Pods plugin loses key Automattic sponsorship

If you’re not familiar, Pods is a popular free solution for working with WordPress custom fields, post types, and taxonomies.

If you’re also not familiar with these terms, they’re basically what took WordPress from its blogging roots to its supremacy as an all-purpose content management system.

Because of the importance of these custom content types, Automattic, the company behind and WooCommerce, had long been a big financial sponsor of the Pods project.

Unfortunately, Automattic withdrew its support of Pods in January. This is a huge loss as Automattic was covering around 90% of the costs associated with the Pods project.

If you want to help support the project, you can donate at the Friends of Pods page.

Pixelgrade publishes its latest transparency report

Pixelgrade has always had one of my favorite transparency reports because of the depth they put into it.

If you’re not familiar, Pixelgrade is a popular WordPress theme shop with some truly beautiful themes.

They’re back at it again with Pixelgrade Transparency Report #10.

Pixelgrade has been going through some struggles with declining revenue. Thankfully, they seem to have turned that around with a strong holiday season. They’re also bringing in more money from their own shop and less from ThemeForest, which is an interesting shift.

All in all, it’s a great read with tons of hard numbers and behind-the-scenes analysis.

Delicious Brains 2019 year in review

While it’s not quite as detailed as Pixelgrade’s transparency report, Delicious Brains posted a 2019 year in review blog post that’s also worth a read.

If you’re not familiar, Delicious Brains is the company behind some popular WordPress developer products including WP Migrate DB, WP Offload Media, and SpinupWP.

While Brad, the founder, doesn’t post actual sales numbers, Delicious Brains’ revenue is up 27% vs last year, so they’re doing something right!

And that wraps up all of the most important WordPress news and articles from January 2020.

Make sure to subscribe to the newsletter by using the box below. And also check back next month for all the exciting news that’s bound to drop in February.
