December 4, 2023 update: Welp, WordFence is still showing the issue, so my expectation of the issue being resolved quickly was optimistic. I’m sure it will be fixed any day now.
Original post: What a lovely way to come back from Thanksgiving break! I’ve been working since 6 a.m. and just came across this alert from WordFence.
This is not good, bros. A critical security vulnerability has been found in the WordPress Gutenberg plugin, which is basically their cornerstone plugin at the moment. I’m sure this issue will be resolved sometime this week. I’m not sweating it, but back up all your sites just in case you decide to switch over to the latest and greatest WordPress trends.
Thanks to WordFence and the bounty hunters for regularly alerting me to issues. I strongly recommend the WordFence plugin. If your website gets a lot of attacks, the premium version of WordFence is worth it!
Should you make the switch to Gutenberg?
Trust me, I didn’t want to switch over to Gutenberg either. If you’re running a simple blog, sure, make the switch. If you’re running a more complex website, probably don’t make the switch yet, or make the switch gradually. I’ve found that Gutenberg and site editor building can be implemented gradually without breaking the rest of your site, if you know how to set it up that way.
I’ve got several hours logged in the new WordPress and I’m glad I’ve learned the new techniques. If you plan on using WordPress for the years to come, just go ahead and start watching block theme and site editing tutorial videos on YouTube from @jamiewp, read the docs as you need them, copy themes and tweak them, etc., and then build your own custom block theme from there.
Full site editing, site editor, Gutenberg, what is all this terminology mixup?
When you break it down, it’s kind of just another WYSIWYG page builder plugin with a different flavor.
WordPress is competing with big names like Wix, Weebly, and a plethora of other new page builders, so I’ve convinced myself that this competitive market is probably the main reason they are choosing to go for a less developer-friendly route and a more consumer-friendly route. Us tech folks are just going to have to do what we do best and that is to learn or adopt another platform that works best for our needs.
There is a learning curve, but after that I am able to work more quickly and focus on writing content instead of design. However, the latest security vulnerability is another reason to stay in the classic editor van for a little while longer. I’m not hating on anyone who chooses to stick with the classic editor or even raw HTML WordPress pages and template parts, because there are plenty of frustrations to be resolved in the New World Order of WordPress.
Ya gotta do what ya gotta do.