WordPress 4.7 New Features

As expected, WordPress 4.7 has shipped and is now available. Our team is very excited to work with what’s new in this release. It is a Major Release of 2016 and comes with some exciting new features. In this post, we will look at what’s new in WordPress 4.7, and which features you should notice or play around with after updating to this version. To view all the updates, bug fixes and new features included in this new version, please head over to https://wordpress.org/news/category/releases/.

We are most excited about the brand new TwentySeventeen Theme and enhancements to the customiser. (more details covered below)

What’s new in WordPress 4.7 Major Release?

This is a really huge update for WordPress. While most of the updates seem to have happened on the new theme, this release brings a new dimension to WordPress’s online domination of the website market and pushes WordPress right into businesses, not just bloggers. This latest major update of the most used CMS in the world comes with the following features:

Brand new TwentySeventeen Theme

The new WordPress ships with a new theme Twenty Seventeen.


The new theme has been specifically designed for businesses rather than blogs and is great for small, medium and large businesses alike. It also comes with a large number of enhancements that make setup easier for smaller businesses, such as:

  • Generic starter content already populated that a customer can just go in and edit
  • Edit buttons on editable areas that you can click on and edit elements
  • Videos that can replace the big images on the front page or the header
  • Custom CSS that allows admins to make changes to the site quickly
  • Live preview of custom CSS
  • Ability to add pages directly from the Customiser and then update the pages later

PDF Thumbnails

A big feature that has been missing from WordPress has finally been added. Now you can preview the thumbnails of your PDFs in the media library. Oh, the hassle and time this feature will save 🙂

Different language Dashboard

You can now set up WordPress with multilingual dashboards based on user preference.

Post Type Templates

Another huge update, allowing you to customise your posts in different templates.

REST API endpoints

Another huge update for developers, allowing them to use WordPress as a data repository and pull content from it. Currently it allows interaction with posts, comments, terms, users, meta and settings.

More Developer updates

  • Post Type Templates
  • REST API endpoints
  • More Theme API functionalities
  • Custom Bulk Actions for list tables 🙂
  • Updated WP_Hook
  • Customise changesets

NetON Major Release Update Policy

Our team will be working on your website (hosted on our servers) to make sure your WordPress website is up to date. This is done for any Major Release.


WordPress is arguably the most powerful blogging and website content management system (or CMS) in existence today. 30% of all new domains run on WordPress. 60% of all CMS-run websites run on WordPress.

WordPress Update Policy

With this being a Major Release, our team will be working to make sure that your website gets updated as soon as possible.

NetON WordPress Development Services

NetON offers a complete range of WordPress Services for Australian businesses. Our team is constantly working on WordPress Website Development, WordPress Design, WordPress Hosting, Strengthening WordPress Security, running SEO Optimisation on WordPress Websites and upgrading Core and WordPress Plugins. We work with some of the smallest and the biggest companies in Australia and around the world and help them build and maintain their WordPress websites to generate the best results for them. Please contact us for more details on our services. Please call us or email us using the details on our Contact Us page.

WordPress Demo Website Updated with new theme and 4.7 goodness

NetON maintains an up-to-date demo site of the latest version of WordPress that you can browse through. We have just updated the site to WordPress 4.7 with the new Twenty Seventeen theme. Click here to view the WordPress Demo Site.

Disqus Vulnerability for WordPress

A remote code execution (RCE) vulnerability has been discovered in the WordPress plugin for Disqus, the comment and discussion service. It allows an attacker to do as they please with the website.

The vulnerability was disclosed by a security firm and only works on sites which have:

  • PHP 5.1.6 or earlier
  • WordPress 3.1.4 or earlier
  • Disqus plugin version 2.75 or earlier

Roughly 5% or more of all WordPress sites are still on 3.1 or earlier, which leaves a lot of sites vulnerable. To be on the safe side, we recommend that all our clients update their plugins or reach out to a NetON account manager to update their site for them.

The best solution is to upgrade the plugin to the latest 2.76 version.
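For anyone maintaining several installations, the three conditions above can be checked against a site inventory. The following is an added example, not code from NetON, Disqus or the disclosing firm; it reads the three conditions as jointly required, and the inventory format, host names and sample versions are constructed for illustration.

```python
import re

# Ceilings from the post; a site is exposed only when all three hold.
RCE_MAX = {"php": "5.1.6", "wordpress": "3.1.4", "disqus": "2.75"}
DISQUS_FIXED = "2.76"


def parse_version(text):
    """'5.1.6-1ubuntu3' -> (5, 1, 6); trailing zeros dropped so 3.1.0 == 3.1."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def at_or_below(version, ceiling):
    # Numeric, per-component comparison; comparing the raw strings would
    # misorder multi-digit components.
    return parse_version(version) <= parse_version(ceiling)


def audit_site(site):
    """Return a status string for one inventory record."""
    if not site.get("disqus"):
        return "ok: Disqus not installed"
    hits = {k: at_or_below(site[k], RCE_MAX[k]) for k in RCE_MAX}
    if all(hits.values()):
        return f"EXPOSED: upgrade Disqus to {DISQUS_FIXED}"
    if hits["disqus"]:
        return f"outdated plugin: upgrade Disqus to {DISQUS_FIXED}"
    return "ok"


def audit_inventory(sites):
    return {site["host"]: audit_site(site) for site in sites}


# Constructed sample inventory; hosts and versions are made up.
SAMPLE = [
    {"host": "a.example", "php": "5.1.6", "wordpress": "3.1.4", "disqus": "2.75"},
    {"host": "b.example", "php": "5.3.10", "wordpress": "3.5.2", "disqus": "2.74"},
    {"host": "c.example", "php": "5.1.6-1ubuntu3", "wordpress": "3.1.0", "disqus": "2.76"},
    {"host": "d.example", "php": "5.1.2", "wordpress": "3.0", "disqus": None},
]

if __name__ == "__main__":
    for host, status in audit_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Sites that miss one of the conditions but still run plugin 2.75 or earlier are reported separately, since the post's recommended fix is the plugin upgrade either way.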



WordPress Jetpack Critical Vulnerability, Update now

Internet security has taken a hammering this week with HeartBleed, and now a critical vulnerability has been discovered in Jetpack, which is probably the most used plugin for WordPress.

If you are using Jetpack on your WordPress site, please make sure you update it straight away to version 2.9.3.

Here is the information from the Jetpack blog:

During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

Fortunately, we have no evidence of this being used in the wild. However, now that this update is public, it’s just a matter of time before exploits occur. To avoid a breach, you should update your site as soon as possible.

This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.

WordPress Security–3.5.2 Security Update

Great to see a security update for WordPress 3.5.2

WordPress 3.5.2 Maintenance and Security Release. This release adds a number of security fixes including:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.

Additionally: Version 3.5.2 fixes seven security issues:

  • Server-Side Request Forgery (SSRF) via the HTTP API.
  • Privilege Escalation: Contributors can publish posts, and users can reassign authorship.
  • Cross-Site Scripting (XSS) in SWFUpload.
  • Denial of Service (DoS) via Post Password Cookies.
  • Content Spoofing via Flash Applet in TinyMCE Media Plugin.
  • Cross-Site Scripting (XSS) when Uploading Media.
  • Full Path Disclosure (FPD) during File Upload.

Additional security hardening includes:

  • Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
  • Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
  • XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

All of our existing client installations will automatically be updated.

WordPress Plugin to see how far a page has been scrolled

We have just built a WordPress plugin that tells you how far a page has been scrolled. This is available to all existing clients with WordPress installations with us.

Home Page scroll

How far does your visitor scroll down the home page?
Is it better to have your content on the top of the page?
Is it okay to have a long scrolling page?

The plugin will allow you to know exactly how far your WordPress home page is being scrolled so that you can provide better content to your visitors.

Blog Page

Another area where this plugin will be helpful is the main blog page. By default, blog pages will have at least 10 posts with excerpts, social media buttons and links. This makes for quite a long page. With the new plugin, you will be able to decide how many posts is the correct amount for the page.

Activating the functionality on your WordPress website

Please get in touch with us to set up a time to set this up and to find out how to get the reports on how far your pages are being scrolled.

Pinterest WordPress plugin for NetON Clients

Pinterest Button for Pages and Posts in WordPress

We have just launched the Pinterest plugin for all of the WordPress installations that we are currently maintaining and hosting. The Pin It button sits nicely among the Facebook Like/Send, Twitter, LinkedIn and Google Plus buttons in both horizontal and vertical views.

Example of Horizontal View


Vertical View Example