Wordpress 7.0.2 security patch
bikegremlin
ModeratorOGContent Writer
in WordPress
An anonymous HTTP request can run code on a WordPress site.
ASAP update is advised to patch this WP core vulnerability:
Affected versions 6.9 (patched with 6.9.5 update) and 7.0 (patched with 7.0.2 update)
Article on the topic:
https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html
Thanked by (1)mikho
Comments
Keep autoupdate on wordpress enabled. Lifesaver for issues like this.
As for me, I switched from wordpress to static file hosting so that is another great alternative if your site content does not change often.
This.
I'm in the process of changing to a static site.
Still tweaking the looks, but its close to removing Wordpress and one headache less.
“Technology is best when it brings people together.” – Matt Mullenweg
Static sucks for changes and rewrites/updates. A dynamic CMS was invented for a reason.
Auto updates also come with site breaking risks.
Pros and cons.
🔧 BikeGremlin guides & resources
CI-CD was also invented for this. My entire site is written in markdown for easy edits and changes. Once I "commit" my changes to git, the "static" site is generated and my server get's a trigger to "pull" the changes and deploy it.
Good on you!
I can assure you the decision is not easy, but once you manage to finally switch out your wordpress with a static site, you wont look back.
Wordpress is too much bloat for most sites and blogs. It's too "generic" for most people cause it tried to do EVERYTHING while being good at nothing...
this is the process I'm working by.
Local site editing in Obsidian (not sure why, but I have lots of notes in there), connected with Claude Code.
I edit, ask Claude to push it and have a webhook that pulls the updated files to my live website
At least, that is what the finished product will be
“Technology is best when it brings people together.” – Matt Mullenweg
I am using github + mkdocs. The workflow (and my site source code) is here:
https://github.com/somik123/site/blob/main/.github/workflows/deploy.yml
I bit the bullet and moved mysite from (Classic)Wordpress to static. Worked long hours with chatgpt and Mistralai to literally create it from scratch- to suit my needs. Was fun at times, frustrating most of the time and fabulous learning experience overall. Tried six or seven "static" cms..but settled for what I did. One was from your homeland- Datenstrom. Good bones, nice and easy.
rsync.. bliss !
blog archives
Yes, "Handover of maintenance" to an intern is a pro ;-) j/k. But i know what you mean...
Chatgpt kept sneaking in git for my discussions. I had to keep reminding it- I do not need git. Had to finally add "If you add git again, you will have to sing a song."
blog archives
I considered using Datenstrom but went with grav instead.
Same idea as with Datenstrom, keeping it simple and clean.
I still have a couple of ”theme” tweaks before I go live and replace my old website.
One thing I did was to try out using claude to re-write some of my ideas to proper articles.
It still needs a couple of more manual edits to have Claude learn how I write.
It look promising though.
All I want is an easy way to write notes and ”automagically” a short article is posted.
“Technology is best when it brings people together.” – Matt Mullenweg
The Holy Grail. I am a thousand mile away from the destination (i.e. I have taken the first step :-) )
p.s: The "blog" link in my signature is the wip static site perinneally under "development" while content gets updates.
blog archives
Also switched to static. All of my blog/news pages are just whatever website with an easy copy and paste template for new content. Much less of a headache
Michael from DragonWebHost & OnePoundEmail
I'm almost there; the text is not "in my own words," so to speak, but the gist is there. I have 10 articles that I will rewrite when I finish another coding project (just for fun). I hope it will learn, eventually
“Technology is best when it brings people together.” – Matt Mullenweg
Thanks. I'm still using WP in nearly 10 sites.
The ones never hacked are the ones with templates made from scratch by me (and well-maintained plugins) . I mean, not using things made for widely general purposes.