- \n
- Post Status launches WP Speakers Virtual Stage Series, for rejected WordCamp speakers and anyone else with something to say about WordPress.<\/li>\n
- A cybercriminal network has been working 9-5 since 2016 to infect over 20,000 WordPress websites with malware in the so-called \u201cDollyWay World Domination\u201d campaign.<\/li>\n
- Boring is the new sexy – because who doesn\u2019t love a dashboard behaving itself?<\/li>\n<\/ul>\n
Hot Off The Presses: What\u2019s New?<\/h2>\n
\n![\"Apps](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2025\/03\/when-task-manager-strikes-fear-mame.jpg\")
<\/div>\n<\/div>\nIt\u2019s not just us, right?<\/p>\n
One minute your computer feels like it\u2019s powered by a potato, and then you press Ctrl-Alt-Del and suddenly everything snaps to attention like a room full of interns who just saw the boss walk in.<\/p>\n
Is it magic? Is it fear? Something else entirely? <\/p>\n
Who knows! <\/p>\n
Anyway, while things seem to be behaving for the moment, keep reading for what\u2019s new in WordPress. <\/p>\n
A Chance To Have Your Say on the Virtual Stage<\/h2>\n
Always wanted to speak at a WordCamp event but your talk submissions haven\u2019t been approved yet? <\/p>\n
Good news. \ud83d\udca1<\/p>\n
Post Status just launched the WP Speakers Virtual Stage Series<\/a> – a live webinar event aimed at getting more voices heard from the WordPress community.<\/p>\n
This idea came to be after several folks shared on social media that their talk ideas had been rejected<\/a>. In her tweet<\/a>, Post Status Executive Director Michelle Frechette promised not to call the event series \u201cFailed Talk Ideas.\u201d But to be honest, Michelle, we think that\u2019s kinda a badass name for a talk series. \ud83d\ude02<\/p>\n
Either way, it\u2019s always a good thing to pass the microphone, virtual or not, to a diverse variety of people in the WordPress world and hear about their experiences. Everyone has something to teach us.<\/p>\n
So, if you\u2019ve got something to say about WordPress and you\u2019d like to say it to more than just your dog, you can apply via the form on this page<\/a>. You\u2019ll hear back from Michelle about whether your talk has been selected.<\/p>\n
This series will run throughout the year, and they are looking for a breadth of topics, so \u201cdon\u2019t be afraid to submit your wildest ideas.\u201d<\/p>\n
Can\u2019t wait to hear the interesting perspectives this series will present!<\/p>\n
20,000 Hacked WordPress Sites Part of Creepy \u201cDollyWay World Domination\u201d Threat<\/h2>\n
If your WordPress site has recently developed a mind of its own and started sending visitors to the digital equivalent of a poorly-lit back alley, you might be a victim of the \u201cDollyWay\u201d campaign.<\/p>\n
GoDaddy\u2019s security researchers have uncovered a long-running malware operation<\/a> that dates all the way back to 2016 and has compromised over 20,000 websites around the world<\/a>.<\/p>\n
Here\u2019s what you need to know:<\/p>\n
- \n
- The malicious scripts hijack your traffic and redirect visitors to, well, somewhere<\/em>. It could be a phishing page, a dodgy fake \u201cbank,\u201d a cryptocurrency site or a dating scam.<\/li>\n
- The hackers then monetize the hijacked traffic to these malware-infested wastelands to gain affiliate ad revenue.<\/li>\n
- GoDaddy\u2019s Security team originally thought these attacks were separate campaigns, but they\u2019ve noticed common infrastructure, code patterns, and monetization methods that tie everything back to one single sophisticated threat actor.<\/li>\n
- The perpetrators are believed to be VexTrio<\/a>, a massive cybercrime network that kinda sounds like the name of a knock-off Marvel villain.<\/li>\n
- The name DollyWay comes from a tell-tale string that was found in some variations of the malware: define(\u2018DOLLY_WAY\u2019, \u2018World Domination\u2019);.<\/li>\n<\/ul>\n
It really should be illegal to use the name of Our Lord and Savior, Dolly Parton for something so sketchy. \ud83d\ude2d<\/p>\n
While WordPress site takeovers aren\u2019t exactly news, the sheer scale of this campaign is pretty freakin\u2019 scary.<\/p>\n
Plus, it\u2019s mind-blowing how easily this malware can re-infect your site<\/a> even when you think you\u2019re in the clear. There\u2019s a sophisticated reinfection procedure that takes place every time ANY WordPress page is opened<\/em>. Like, seriously!?!<\/p>\n
If you think you\u2019ve already become infected, experts recommend taking the infected site down, or at least disabling all plug-ins, in order to clean up the infection. It\u2019s also a good idea to implement strong admin password policies, set up multi factor authentication, and use a Web Application Firewall. Also, check the GoDaddy report for indicators of compromise<\/a>.<\/p>\n
This is yet another reminder that security is never a \u201cset-it-and-forget-it\u201d deal. If you don\u2019t update your site, hackers will happily do it for you. \ud83d\ude31<\/p>\n
Boring Features Are the Backbone of WordPress\u2014And That\u2019s Exciting (No, Really)<\/h2>\n
Boring is good<\/strong>.<\/p>\n
In a recent article<\/a> for the WP Minute, Eric Karkovack reminds us that while everyone fawns over flashy AI tools, it\u2019s the so-called dull updates that actually keep WordPress professionals from losing their minds.<\/p>\n
Things like stability, predictability, and not waking up to a dashboard full of plugin conflict nightmares<\/em> are actually massive wins.<\/p>\n
The real magic of WordPress happens when things just\u2026 work. No drama. No frantic Googling of error messages at 2 AM. Just a smooth, predictable system that allows pros to build and maintain sites without feeling like they\u2019re defusing a bomb every time they hit \u201cUpdate.\u201d<\/p>\n
For example, WordPress 6.8 using bcrypt to encrypt user passwords? Not that exciting or sexy – but definitely<\/em> a win.<\/p>\n
Eric has a glass-half-full perspective on Automattic\u2019s reduction in contributor hours to the WordPress project. He believes that a slowdown in new feature development may turn some attention to small, longstanding issues that need to be looked at. It could be a \u201cchance to clean up WordPress and make it leaner and more efficient.\u201d<\/p>\n
Either way, Eric\u2019s right that \u201cunexciting\u201d fixes are worth appreciating. In the world of web development, boring is just another word for reliable. And reliable means less stress, happier clients, and more time to waste posting silly memes of your dog on Bluesky<\/em>.<\/p>\n
What are your thoughts? What\u2019s your fave \u201cboring\u201d update?<\/p>\n
Cool Stuff Clever WordPress Folks Have Made Recently<\/h3>\n
We\u2019re always impressed by the neat plugins, projects and blocks that smart people in the WordPress world have been tinkering with. Here are some of the gems we\u2019ve spotted recently:<\/p>\n
- \n
- Bhargav (Bunty) Bhandari made a totes-profesh-looking block that lets you add LinkedIn-style work experience history to your site<\/a>, complete with title, company name and description.<\/li>\n
- Robert DeVore made \u201cSlop Stopper,\u201d a WordPress content checker that will help stop your multi-author blog from being swamped by poor quality AI-written drivel<\/a>.<\/li>\n
- Hudson Atwell built a free email signature generator<\/a>, so you can sign off those passive-aggressive \u201cas per my earlier email\u2026\u201d messages with flair.<\/li>\n
- Johnathon Williams of Odd Jar built QuickLink Pro<\/a>, a link management solution that helps you add external links to the standard link dialog in the block editor for easy linking.<\/li>\n
- Djordje Arsenovic<\/a> created a very cool block which allows you to make text appear like it is being typed on a typewriter<\/a>. Lots of fun possibilities there!<\/li>\n<\/ul>\n
What other interesting projects have you seen in the wild? Share them with us in the comments. <\/p>\n
Mind Bloggling Facts & Stats<\/h2>\n
- \n
- According to the Verizon Data Breach Investigations Report 2024, 68% of WordPress data breaches were not caused by malicious hackers or phishing scams but by accidental security lapses. Oops\u2026 (Source<\/a>)<\/li>\n
- Patchstack reported that 7,966 new security vulnerabilities were found in the WordPress ecosystem in 2024, which is about 22 new vulnerabilities per day. Of those vulnerabilities, 96% were found in plugins and only 4% in themes. Better keep an eye on those plugins, hey? (Source<\/a>)<\/li>\n
- Kinsta recently published some pretty eye-opening data about Black Friday & Cyber Monday shoppers. For example, desktop traffic increased by 21.5% on Cyber Monday, revealing that shoppers are taking more time to engage with websites to read reviews and content – rather than grabbing spontaneous deals on their phone. (Source<\/a>)<\/li>\n<\/ul>\n
Blogs & Resources You Shouldn\u2019t Miss<\/h2>\n
\n![\"Tweet](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2025\/03\/pronouncing-svg-as-savage.png\")
<\/div>\n<\/div>\n\u201cI\u2019m a .SVG\u2026 Classy, bougie, ratchet, sassy, moody, nasty\u2026\u201d Topher DeRosia gives us the lowdown on .SVG images and how to use them in WordPress<\/a>. <\/p>\n
Michelle Frechette shares some relatable reflections on burnout and inertia in her post, Running in Place<\/a>.<\/p>\n
Don\u2019t know how to commit? (Don\u2019t worry, we\u2019re talking code reviewing, not romance) This guide from Michael Lynch shows you how to write marvelously helpful commit messages<\/a>. <\/p>\n
In your quest to make all your WordPress stuff more accessible, it\u2019s easy to get scammed by \u201caccessibility cowboys\u201d selling bogus fixes. Anne Bovelett created a great guide on how to avoid these fake experts<\/a>. <\/p>\n
If privacy policies confuse the heck outta you, Trevor Willingham attempts to explain the basics using memes<\/a> in this post on The Admin Bar. <\/p>\n
If you\u2019re seeking a way to hide a page in WordPress, Martin Dubovic posted a video tutorial with 5 different tricks<\/a> to make content vanish from visitors and crawlers. <\/p>\n
Schema whaa? Jolissa Skow breaks down Schema Markup and how to use it in WordPress<\/a> in this super helpful guide. <\/p>\n
Coffee Break Distractions<\/h2>\n
This developer asked Cursor AI to generate code for him, and it said, \u201cUh, no. Do it yourself.\u201d lol<\/a><\/p>\n
A bit of a mind-bending one: We\u2019ve Been Wrong About Math for 2300 Years<\/a><\/p>\n
Have you seen WordCamp Europe 2025\u2019s adorable Basel Carnival \u201cWaggis\u201d inspired Wapuu? Those teeth! We have no choice but to stan a blue-haired prankster. <\/a><\/p>\n
Fascinating read: Cloudflare is trapping malicious AI bots in never-ending \u201cAI Labyrinths.\u201d<\/a><\/p>\n
A surprisingly fluffy oreo cookie.<\/a> <\/p>\n
- Patchstack reported that 7,966 new security vulnerabilities were found in the WordPress ecosystem in 2024, which is about 22 new vulnerabilities per day. Of those vulnerabilities, 96% were found in plugins and only 4% in themes. Better keep an eye on those plugins, hey? (Source<\/a>)<\/li>\n
- Robert DeVore made \u201cSlop Stopper,\u201d a WordPress content checker that will help stop your multi-author blog from being swamped by poor quality AI-written drivel<\/a>.<\/li>\n
- The malicious scripts hijack your traffic and redirect visitors to, well, somewhere<\/em>. It could be a phishing page, a dodgy fake \u201cbank,\u201d a cryptocurrency site or a dating scam.<\/li>\n