Coder Catchup

Episode 165 - WordPress 5.2 Security Feature

Information:

Synopsis

WordPress 5.2, which is available now, comes with some great and much-needed security features.

Cryptographically-signed updates

Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package's authenticity before applying it to a local site.

Adding support for cryptographically-signed updates is an important step in preventing threat actors from carrying out a supply-chain attack on all WordPress sites, something that security firms have warned about for more than two years now.

"Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet, you just had to hack [the WordPress] update server," said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprises, and one of the developers involved in securing the WordPress update system. "After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the si