Overview of WordPress Vulnerabilities in December 2016

In this December 2016 monthly roundup of reported vulnerabilities in WordPress core, plugins and themes, very few WordPress plugin vulnerabilities were reported.

Overview of WordPress Plugins Vulnerabilities in December 2016

27 WordPress plugin vulnerabilities were discovered in December. The trend of plugins being removed from the WordPress repository also continued in December, and the number of plugins being taken offline is increasing. Plugins are taken offline when developers do not fix vulnerabilities, or when the developers cannot be reached and the vulnerabilities therefore stay unfixed. This is a good initiative since it ensures that the majority of WordPress plugins on the repository are being maintained and, above all, are secure.

Below is the complete list of all the WordPress plugin vulnerabilities reported in December 2016:

WordPress Plugins Vulnerabilities

  • CSRF security issue in Copy-Me plugin
  • SSRF vulnerability in Nelio AB Testing plugin
  • SQL Injection in Xtreme Locator Dealer Locator plugin
  • Blind Injection in ZM Gallery plugin
  • SQL Injection in WP Private Messages plugin
  • CSRF / Database Update vulnerability in ZX_CSV Upload plugin
  • SQL Injection in Single Personal Message plugin
  • SQL Injection in WP Support Plus Responsive Ticket System plugin
  • Authenticated Information Disclosure in Backup & Restore Dropbox plugin
  • Stored XSS and CSRF in Quiz and Survey Master plugin
  • Multiple SQL Injection and XSS vulnerabilities in Podlove Podcast Publisher
  • Reflected XSS vulnerability in MailChimp for WordPress plugin
  • Arbitrary File Upload vulnerability in Delete All Comments plugin
  • Reflected Cross-site Scripting in Social Pug – Easy Social Share Buttons plugin
  • CSRF vulnerability in Multisite Post Duplicator plugin
  • PHP Object Injection in BP Profile Search
  • CSRF & XSS vulnerabilities in Twitter Cards Meta plugin
  • Information Disclosure vulnerability in WooCommerce Email Test plugin
  • Arbitrary file deletion vulnerability in Image Slider plugin
  • Unauthenticated change of password critical security issue in Ultimate Member plugin
  • SQL Injection in WA Form Builder
  • SQL Injection vulnerability in Product Catalog plugin
  • Unauthenticated SQL Injection in BBS e-Franchise plugin
  • Local File Inclusion in WP Vault plugin

This vulnerabilities and security issues roundup is made possible through WP Security Bloggers.

How to Delete Uncategorized Category From WordPress

Delete Uncategorized Category In WordPress

Sometimes you might have difficulty deleting the uncategorized category in WordPress. By default, WordPress blog posts are categorized under the ‘uncategorized’ section. This can sometimes be annoying, as blog posts that are not manually categorized will be listed under this category.

And if you go to the Category section of WordPress, there is no option to delete the uncategorized category from the list. This can be annoying. I’m sure some of you know exactly what I’m talking about.




Well, you don’t have to worry about this anymore. Today, I’m going to pass along the steps you can use to delete the uncategorized category so you won’t have to deal with this little annoying item anymore. Even if you have some posts in the ‘uncategorized’ category, don’t worry, they won’t be deleted and you won’t lose them. They will just be transferred to whatever the new default category is.


You can skip this step if you have already created different categories for your blog. If you have not, continue.

  • Go to Posts > Categories. The existing categories are listed on the right side; on the left side is the option to add a New Category
  • Input the name of the new category you want, then input the slug (this is the URL-friendly version of the category name, usually in lower case)
  • Click on Add New Category and this category will be created.





Under Settings > Writing, there is an option called Default Post Category. This is the category that all of your posts will be placed under automatically. The WordPress default is set to ‘uncategorized’. You will not be able to delete whatever category is selected here. This is why you are unable to delete the uncategorized category.

  • Go to Settings > Writing
  • Click on the drop-down arrow beside the Default Post Category
  • Switch it to another category and
  • Click Save Changes




Now that you have changed the default post category from ‘uncategorized’ to another of your choice, you will be able to delete the unwanted ‘uncategorized’ category. To delete the uncategorized category:

  • Go to Posts > Categories
  • Hover your mouse on ‘uncategorized’ dropdown
  • You will notice that the option to delete uncategorized is now visible.
  • Click on ‘Delete’ and it’s gone!
  • It is that simple! Say goodbye to uncategorized posts.




Note: Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the New Default category you have selected in Step Two. So don’t worry!
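The same three steps can be done through WordPress's own PHP functions instead of the dashboard. This is an added example, not code from the original post; the replacement category name `General` and slug `general` are assumptions, and the script is meant to be run inside a loaded WordPress, for instance with WP-CLI's `wp eval-file`.

```php
<?php
// Added example: replace 'uncategorized' as the default category, then delete it.
// Assumption: 'General' / 'general' is a hypothetical replacement category.
$new_name = 'General';
$new_slug = 'general';

// Step one: create the replacement category unless it already exists.
$existing = get_term_by( 'slug', $new_slug, 'category' );
if ( $existing ) {
    $new_id = (int) $existing->term_id;
} else {
    $created = wp_insert_term( $new_name, 'category', array( 'slug' => $new_slug ) );
    if ( is_wp_error( $created ) ) {
        exit( 'Could not create category: ' . $created->get_error_message() . "\n" );
    }
    $new_id = (int) $created['term_id'];
}

$old = get_term_by( 'slug', 'uncategorized', 'category' );
if ( ! $old ) {
    exit( "No 'uncategorized' category found; nothing to do.\n" );
}
$old_id = (int) $old->term_id;
printf( "'uncategorized' currently holds %d post(s).\n", $old->count );

// Step two: change Settings > Writing > Default Post Category.
// wp_delete_term() returns 0 for whichever category is the default,
// which is why the dashboard shows no Delete link for it.
if ( (int) get_option( 'default_category' ) === $old_id ) {
    update_option( 'default_category', $new_id );
    echo "Default post category switched to '{$new_name}'.\n";
}

// Step three: delete 'uncategorized'. Posts that were only in this
// category are reassigned to the new default, not deleted.
$result = wp_delete_term( $old_id, 'category' );
if ( is_wp_error( $result ) ) {
    exit( 'Delete failed: ' . $result->get_error_message() . "\n" );
}
if ( true !== $result ) {
    exit( "Delete refused; check that the default category was changed.\n" );
}

$new = get_term( $new_id, 'category' );
printf( "'uncategorized' deleted. '%s' now holds %d post(s).\n", $new->name, $new->count );
```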


Please remember that categories are your primary navigation and gateway to content on your site. Use them wisely. Use names that tell the visitor in an instant that they are in the right place. Use names that guide the user to the help and information they want.

Things You Need to Know About Categories

Here are a few things you need to know about categories in WordPress.

  • A category will not appear in your category navigation unless there is a published post in it.
  • Category names should be keyword-specific, not made-up or fun names. They are important navigation links, so call them what they represent.
  • You can have one post in multiple categories.
  • Categories can have subcategories.
  • By default, the WordPress permalink structure for categories includes the word “category” in the permalink such as
  • By default, the WordPress permalink structure for subcategories is, featuring the parent category slug name first, followed by the subcategory slug.
  • Categories have their own feeds. The link to the feed is in the structure of by default.
  • Pages do not have categories, only posts.

WordPress Security: How Are WordPress Websites Hacked?

Having your WordPress website hacked is one of the biggest nightmares for any website owner. From one moment to the next, your site is shut down. Traffic plummets and all the energy, effort, time, and money you put into your site is on the brink of being lost entirely.

As much as the developers behind WordPress and the entire WordPress community are working round the clock to make better and more secure versions of WordPress, hackers are also trying by all means to find new vulnerabilities they can exploit. A vulnerability is a weakness that allows attackers to compromise a product, in this case a website.

Getting your hacked WordPress website back is hard work, but not as hard as winning back your audience’s trust or getting your site off spam blacklists.

While getting a WordPress website hacked is never pleasant, it is much more common than you would think. The security of a website is not a luxury. Every day the attacks on websites are getting more and more sophisticated.

My intention is not to alarm you, but I want to present the situation exactly as it is so you can make plans to improve your website security.

Besides this, WordPress, as the most popular CMS platform, is also the leading CMS by number of attacks!

This is compulsory reading for any WordPress website owner, so take notice! WordPress websites get hacked through:

  • Hosting service provider: WP White Security informs us that 41% of hacked websites are compromised because of the hosting provider. Some hosting providers have security loopholes that hackers take advantage of to hack a website.
  • Outdated WordPress, plugin and theme versions: Using outdated WordPress files, themes and plugins is one of the weaknesses hackers use most often to get control of a website. A smart hacker can obtain lots of data by hacking plugins or themes that are not updated. Collectively, this accounts for 51% of hacked WordPress websites. If you have heard about the Panama Papers, it is believed that behind this huge data loss is a vulnerable version of an extensively used plugin called Revolution Slider, as reported by Wordfence.
  • Weak password: Almost 8% of websites are hacked due to weak passwords. Using a strong password is a widely spread security tip known by almost everyone, so there should be no excuse for getting hacked this way. Hackers sometimes use sophisticated methods to steal your account credentials, but sometimes they use brute force, i.e. they use extremely fast software to try various combinations of username and password to enter your website. If you use admin as your username, then you have made the work pretty easy for hackers.
  • Unsafe computer: A website is still vulnerable even if the above loopholes have been covered. Another way hackers break into a website is to infect the computer of the website admin with a virus. Periodically, an admin will check the website, and the site can then be hacked through the virus stored in the computer's files.

The Golden rule of Website security says that “it is better to prevent than to clear”. It is therefore important to take proactive measures to assure a secure website or blog.
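Two of the causes listed above, outdated core, plugins and themes and the guessable `admin` login, can be checked from inside WordPress itself. The read-only audit below is an added example, not code from the original post; it relies on the results of WordPress's most recent update check and is meant to be run in a loaded WordPress, for instance with WP-CLI's `wp eval-file`.

```php
<?php
// Added example: read-only audit for an 'admin' login and pending updates.
require_once ABSPATH . 'wp-admin/includes/plugin.php'; // get_plugins()
require_once ABSPATH . 'wp-admin/includes/update.php'; // get_core_updates()

$findings = array();

// Weak password section: a login named 'admin' gives brute-force tools half the credentials.
if ( get_user_by( 'login', 'admin' ) ) {
    $findings[] = "An account with the guessable login 'admin' exists.";
}

// Outdated WordPress core.
foreach ( ( get_core_updates() ?: array() ) as $update ) {
    if ( 'upgrade' === $update->response ) {
        $findings[] = sprintf( 'WordPress core %s is outdated; %s is available.',
            get_bloginfo( 'version' ), $update->current );
        break;
    }
}

// Outdated plugins, taken from the cached result of the last update check.
$installed      = get_plugins();
$plugin_updates = get_site_transient( 'update_plugins' );
$pending        = ( is_object( $plugin_updates ) && ! empty( $plugin_updates->response ) )
    ? $plugin_updates->response : array();
foreach ( $pending as $file => $info ) {
    $name = isset( $installed[ $file ] ) ? $installed[ $file ]['Name'] : $file;
    $have = isset( $installed[ $file ] ) ? $installed[ $file ]['Version'] : 'unknown';
    $findings[] = sprintf( 'Plugin "%s" %s is outdated; %s is available.',
        $name, $have, $info->new_version );
}

// Outdated themes.
$theme_updates = get_site_transient( 'update_themes' );
$pending       = ( is_object( $theme_updates ) && ! empty( $theme_updates->response ) )
    ? $theme_updates->response : array();
foreach ( $pending as $stylesheet => $info ) {
    $theme      = wp_get_theme( $stylesheet );
    $findings[] = sprintf( 'Theme "%s" %s is outdated; %s is available.',
        $theme->get( 'Name' ), $theme->get( 'Version' ), $info['new_version'] );
}

if ( empty( $findings ) ) {
    echo "No findings: no 'admin' login and no pending updates recorded.\n";
} else {
    foreach ( $findings as $line ) {
        echo '- ' . $line . "\n";
    }
}
```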

This is the end of the post. Read it carefully and make adjustments where necessary. If you do, then the chances of being hacked are low and you can fully focus on other aspects. Still, website security is a dynamic field and you should stay updated all the time.

List of Important WordPress Plugins you must install on your website

Whether you have an existing WordPress site or are just developing your website, compiled here is a list of the most important WordPress plugins you must have installed on your website.

WordPress is designed to be lean and lightweight with a lot of features and flexibility, but there is still a lot of functionality missing from it. Plugins are designed to fill in these missing functions. Plugins offer custom functions and features so that users can tailor their sites to their specific needs.


Plugins are used to extend and add to the functionality that already exists in WordPress


The best way to fill in the missing pieces is to get yourself the right plugins. It is often confusing trying to pick out the plugins to install among the many that are available. I will admit that it can be difficult sometimes to sort out the good from the, well, not so good. But I have tried to simplify the process of choosing the most important WordPress plugins you should use. I have also provided links to these important WordPress plugins where necessary.

WordPress Plugins are available from several sources. The most popular and official source for WordPress Plugins is the WordPress Plugin Directory.

So here is a collection of free and premium important WordPress plugins you must have installed on your website. There are various options included for everything from caching and SEO to security and backup.

The Most Important WordPress Plugins are for:



This is one of the first sets of important WordPress plugins I will recommend you install after installing WordPress for your website. Every webmaster or website owner should install one or two of these plugins to secure their website. Some of these plugins are Wordfence Security, WPS Hide Login, Sucuri Security and iThemes Security (formerly Better WP). Installing any of these plugins will further protect your WordPress website from malware and brute-force attacks, improve login security, etc. I have these plugins installed on my various websites.


As the name implies, these plugins add SEO functionality to a website. Aside from security, this is another important type of WordPress plugin that should not be missing from your site. The plugins I will recommend are Yoast SEO and All in One SEO Pack. These plugins help you write better content, choose focus keywords for each article and make sure the focus keywords are used consistently throughout the article.


Spam comments are unsolicited comments posted on websites by a broad category of spambots or spammers. Most spam comments are advertisements. Antispam plugins usually check each comment to see if it looks like spam or not and let you review the spam comments they blocked. Without antispam plugins, you stand no chance against spam. The most popular antispam plugin for WordPress is Akismet. Akismet does a good job at catching spam comments.


Tracking the number of visitors on your website need not be a hard task. These plugins allow you to easily track your site. It is important to install one of these plugins so that you can measure the growth of your website. An example is Google Analytics Dashboard for WP. This plugin enables you to track your site using the latest Google Analytics tracking code and allows you to view key Google Analytics reports on your WordPress Dashboard.


WordPress caching is the fastest way to improve website performance, reduce download time, etc. WordPress cache plugins cache WordPress posts and pages as static files which are then served to users. This can improve the overall performance several hundred times. Some popular caching plugins are WP Total Cache and WP Super Cache.


These are very useful if you want your visitors to share your content, like blog posts and pages, via social media and email. Social sharing is a very powerful tool to increase your site traffic and boost your website's social engagement. Check out some of the available social sharing plugins here.


These are important WordPress plugins that work by displaying related posts after the original post, i.e. similar posts that are in the same category as the original post. Displaying links to related content helps your readers enjoy reading posts on your site. This helps to increase the time visitors spend on your site and also increases your chance of engagement with them. This function is already incorporated in some premium themes, but if yours doesn’t have it, then related post plugins are the way to go and you can download one from the numerous plugins here.


These plugins place a form on your site which allows visitors to subscribe for future posts or newsletters from your blog. This is a great way to build an email marketing list. They are an essential tool to engage website visitors for any website. You need to have one installed so that you can start capturing the emails of your site visitors early. You can then grow your subscriber list, engage with visitors, convert visitors and decrease bounce rate. Check out some here.


Do you have a favorite plugin from this list? Is there any WordPress plugin that you think is absolutely essential for every WordPress site? Indicate in the comments below.

The Global WordPress Translation Day is Happening November 12th

Global WordPress Translation Day 2 is one full day dedicated to bringing WordPress to more people around the world, with 24 hours of live training sessions on WordPress. It is a day set aside to translate WordPress into one of more than 160 languages, learn more about translating WordPress, and meet people from all over the world. Translating is one of the easiest ways to get involved with WordPress and contribute to the project.

This will be the Day 2 of the Global WordPress Translation Day organized by the WordPress Polyglots team. So everyone is invited to participate from anywhere in the world. Join the Polyglot team on November 12th.

Join on November 12th from Anywhere in the World

The translation day starts on Saturday, November 12th, 2016, at 0:00 UTC and ends 24 hours later. Here in Nigeria, it starts by 01:00 am. See what time that is for you! You can join right from the start, or any time it’s convenient for you throughout the day.

What are we doing?

It is a great way to get involved in WordPress, as local contributor days are happening all over the world. I don’t know if there is any such day in Nigeria, and it’s time the WordPress community in Nigeria organized such a local event.

Check out this map to see if there’s already a local event happening near you. Can’t find one? Organize a local event!

At the same time, you can still register to join the community for 24 hours of live-streamed, remote sessions in numerous languages. Sessions will cover localization, internationalization, and contributing in any local language.

Who’s it for?

The translation day is for anyone who wants to learn how to translate, and for experienced translation editors building a strong team. Developers will also enjoy topics from experienced contributors, whether you are learning about internationalization or want to find more translators for your themes and plugins. There is a session for everyone!

Get Involved

Joining is easy! On November 12th, in your own timezone, translate WordPress or your favorite plugins and themes into your language, while watching live sessions over the course of the day.

Want to get more involved? Sign up to organize a local event and invite your local community to translate together on November 12th. Events can be formal or completely informal – grab your laptop and a couple of friends, and head to a good meeting point to translate for an hour or two.

Can you get involved if you only speak English?

Absolutely! Even if you only speak English, there are great sessions about internationalization that can benefit every developer. There are also lots of English variants that you can help with! For example, English is spoken and written differently in Australia, Canada, New Zealand, South Africa, England, Nigeria and the United Kingdom. You can learn about these differences and why these variants are important during the sessions.

And if you’re feeling fun, try translating WordPress into emoji! Yep, there is a translation of WordPress in emoji!


If you have any questions, the polyglots’ team and the event organizers hang out in #polyglots in Slack and are happy to help! (Get an invite to Slack at

Sign up to take part in the event on the official website.

Will I be involved? No, I can’t. I have a training to attend that same day; my team and I will be training newbies how to design websites with WordPress. It’s gonna be cool if you attend this training.