| Password Compat | elementor |
|---|---|
| 1 | 163 |
| 2,150 | 6,391 |
| - | 0.2% |
| 0.0 | 9.9 |
| 3 months ago | 7 days ago |
| PHP | JavaScript |
| MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Password Compat
- WordPlate: WordPress on Composer with sensible defaults
> Same for WordPress.
Not as much - WP favours backwards compatibility (or is it laziness?) even when doing so impacts security.
Another problem is that the environments WordPress targets are inherently vulnerable - while it's not WP's fault directly, they do nothing to warn people against using them nor outright stop supporting broken, insecure configurations.
> There are multitudes of comments that specifically single out WP in the post's comment thread. Including this very thread that you are on.
I was talking about publicized data breaches in general. But if we specifically talk about CMSes, I'm not sure anything else beats WordPress and similar PHP-based CMSes of that era when it comes to not just the amount of vulnerabilities, but especially the nature of them - the same, dumb, basic problems resolved in every other language (including modern PHP with a framework such as Laravel) repeated over and over again.
> WHERE is that objective study that compares WordPress with other software in regard to vulnerabilities
Someone posted the following excerpt of the WordPress codebase, which appears to be some custom attempt at simulating SQL query parameterization instead of using the actual, database-driver-provided function. If this is indeed the purpose of that function and it is indeed used, then I'm not sure there is any valid excuse for this in today's day and age.
Someone else mentioned password hashing still relying on MD5 - if that is actually true, I'm not sure that is excusable either? I haven't done PHP for many years now, but surely even if the native functions aren't available, couldn't they use a "polyfill" such as https://github.com/ircmaxell/password_compat ?
I'm sure there are many other issues but frankly the first one should be enough for any competent developer to run away.
> No it doesn't. Don't make up falsities. PHP executes files how you configure it to.
I was with you until this, but now I think you're arguing in bad faith.
Yes, if you want to be pedantic, PHP and your web server execute files how you configure them to. In practice, the environment where the vast majority of WordPress sites are deployed (your typical shared hosting environment) will execute anything that ends with .php and is in the web root.
This is inherently a legacy PHP problem (which WP encourages by supporting it) - no other language that I know of does this by default. If I accidentally store a malicious file in Python, Ruby, Node.js, etc. applications, the worst that will happen is that I serve it back. At no point whatsoever will the server itself execute that file.
Yet in the PHP environments WordPress targets, this is a massive issue which means every single feature handling file uploads (both in WP core and any plugins) should anticipate your server's misconfiguration (maybe it's not limited to .php files, but .html files too?) and try to protect against it, eventually failing and then you get yet another WordPress vulnerability.
elementor
- Ask HN: Freelance website builders/maintainers, what's in your 2024 toolkit?
- Elementor Slow with Safari
- Elementor 3.18.1 vulnerabilities
That said, there is already a PR, https://github.com/elementor/elementor/pull/24539 "Internal: Improve file uploads mechanism followup", that improves some parts there. So I think there will be a 3.18.2 soon, as they said in another issue that 3.18.3 might be out next week already. So 3.18.2 should be between that.
- Is anybody loving Elementor and their focus on AI?
- Elementor not loading pages / loading extremely slowly?
This issue can be fixed. Works with 3.18.1: https://github.com/elementor/elementor/commit/785ec0e8da14263794bbe6639a37b96ceb36cb2c
- No keywords are visible in the taxonomy filter
Seems to be the same problem as described here: https://github.com/elementor/elementor/issues/23917
- Nested Tabs: On mobile breakpoint, adjacent tab opens upwards and shows only the bottom of tab content
I found a bug report from earlier this year for this same issue on GitHub: https://github.com/elementor/elementor/issues/21288
- 400+ Websites That I Use as a Web Designer/Freelancer - All Compiled and Categorized in One Place
Elementor - As much as I hate Elementor after getting used to Webflow, it deserves praise. You can build so much stuff with little-to-no knowledge with it on WordPress. (One of My Favorites)
- Best Website Builder? looking for reddit suggestions!
Elementor is a fantastic plugin for WordPress that takes website building to the next level. It offers a visual, drag-and-drop editor that empowers you to create stunning and dynamic websites without any coding knowledge. I've been creating some very cool websites with this plugin and WordPress and it's been working well for me. I like to be able to have more control over my sites and, unlike stuff like Wix or Shopify, with Elementor you can have as much freedom as you want and truly create unique-looking web pages.
- Soundcloud widget no longer shows up.
I also found two others online from the past day with the same issue: https://github.com/elementor/elementor/issues/22957 https://wordpress.org/support/topic/soundcloud-linked-clips/
What are some alternatives?
weakpass - Weakpass collection of tools for bruteforce and hashcracking
Laravel-Pagebuilder - A drag and drop pagebuilder to manage pages in any Laravel project
Zxcvbn PHP - Realistic PHP password strength estimate library based on Zxcvbn JS
proelements - This plugin enables GPL features of Elementor Pro: widgets, theme builder, dynamic colors and content, forms & popup builder, and more.
PHP Password Lib - A library for generating and validating passwords
react-dnd - Drag and Drop for React
Password Policy - A password policy enforcer for PHP and JavaScript
wp-graphql - :rocket: GraphQL API for WordPress
phpass - Python implementation of the portable PHP password hashing framework
lazy-blocks - Use Lazy Blocks plugin to rapidly build custom blocks without ever leaving your WordPress editor
Password-Generator - PHP Library to generate random passwords
wp-graphql-jwt-authentication - Authentication for WPGraphQL using JWT (JSON Web Tokens)