Bricks Security: The Surprising Reason I Didn’t Get Hacked

  3,366 views

Dave Foy


To my surprise, none of my Bricks sites were hacked in the recent security scare.
Yes, I did update Bricks as soon as I heard about it. But it turns out my hosting company were WAY ahead of the game. Without me even knowing, they'd patched my sites BEFORE the vulnerability was even made public.
"The Bricks exploit was never successfully used on a site hosted at Rocket.net."
Rocket.net: davefoy.link/r... (affiliate link) 🚀
LINKS IN THE VIDEO
- Details of the Bricks vulnerability: snicco.io/vuln...
- Remkus de Vries and Calvin Alkan livestream: • Everything about the B...
- How to fix your site if you got hacked: academy.bricks...
- BricksLabs: brickslabs.com
- GridPane: gridpane.com
MY FREE BRICKS MASTERCLASS
Take my FREE Bricks masterclass: learn the real key to faster builds, effortless future maintenance, and more profitable projects:
davefoy.link/b...

Comments: 60
@remkusdevries 5 months ago
Thanks for the shoutout, Dave! Appreciate it. The final video of the interview I did with Calvin lives at a different KZfaq URL, btw.
@DaveFoy 5 months ago
No worries, brother. Any time. I updated the description with the new URL 🙏🏼
@remkusdevries 5 months ago
@@DaveFoy Thank you!
@goodchoices5125 6 months ago
I have great confidence in Thomas. With this experience, his competence and ethics, I bet he will make Bricks bullet-proof for the future.
@goodchoices5125 6 months ago
Just a pity that with this re-prioritization I'll have to wait longer for the component feature.
@DaveFoy 6 months ago
Yes. I know they've taken this very seriously and are already undertaking a thorough security review.
@DaveFoy 6 months ago
@@goodchoices5125 Yeah, that's the extra bummer!
@noraholmquist8231 6 months ago
Great video, great perspective. Love the quote “for those of you who like to grab the other end of the stick…” 😀
@DaveFoy 5 months ago
Haa haa, thanks Nora. ☺️
@farhan-app 6 months ago
As always, great video pal. Keep up the great work.
@DaveFoy 6 months ago
Thank you sir.
@markbratton111 6 months ago
Marked safe from the great Bricks vulnerability. Lol. Glad you were on top of it. Since all of my sites are Bricks now, I was on top of it as well. KUDOS to Bricks team for their swiftness. I will be looking closely at Rocket from this point on!!
@DaveFoy 6 months ago
Glad you got through it unscathed too Mark. :)
@kylevandeusen 6 months ago
The master at work!
@DaveFoy 6 months ago
☺️
@JunaidCo 4 months ago
How can one sign up for such vulnerability updates specific to the most common themes and plugins one uses?
@derekshort 5 months ago
Good video
@DaveFoy 5 months ago
Thanks, Derek.
6 months ago
We were lucky, just 3 sites got hit. But it was a shitshow to clean it up. I don't blame Bricks. Other builders got hit at some point, but this one was really fast. Maybe AI is to blame for that, but normally you have a little bit more time to react.
@DaveFoy 6 months ago
They were v quick off the mark, yes.
@jean-paulmesserli8269 6 months ago
I was just lucky or maybe my webhosting companies did it or me!?
@DaveFoy 6 months ago
It's possible! If you updated quickly then that'd also do it.
@NelmediaCa 6 months ago
all plugins allowing to "add PHP code"... so that includes tools like Code Snippets and the like, if they allow PHP, I guess...? I wasn't hacked either, btw... Probably not because of my hosting company, though, but because I use BBQ Pro (and Solid Security Pro)...
@DaveFoy 6 months ago
Hey Nelson. I'm not a security expert, as you can tell from the video. But I think the difference is - the Bricks vulnerability allowed *unauthenticated* users to execute arbitrary PHP code without needing to log in or have any user account on the WordPress site. Whereas, code snippet plugins are for admin-level users only. So for someone to execute malicious code in a code snippet plugin, they'd first need to access an admin-level user account, which is a lot higher barrier to entry compared to exploiting a vulnerability that allows unauthenticated access. With the Bricks vulnerability, they were able to bypass the authentication process entirely, allowing direct execution of PHP. I *think* that's roughly it anyway!
@Grow_YouTube_Views_93 6 months ago
j cole would be proud
@DaveFoy 6 months ago
Famously hosts with Rocket.net.
@avipro737 6 months ago
Switched to Webflow ;) Did bite the WP bullet, finally.
@ocertan 6 months ago
My heart also wants to jump to Webflow sometimes but my brain can't let that happen. How long are you able to live with the limitations? Are you ok to pay monthly fees for limited resources? Did you know that once your site becomes bigger than the standard packages you've got to pay a lot in the enterprise plan? A good security plan will protect you against any attack, stay free and unlimited by open source software :)
@replymedia 6 months ago
@@ocertan You really have to be a large site to go over 200gb of bandwidth and 250k monthly visitors. We switched to Webflow a few years ago and all of our client sites just work. Switching back to WordPress for a larger site has been an interesting transition. With Webflow you don’t need to really think about any of this. Most people argue about costs, but I actually think when you compare plugin costs, hosting costs, firewalls, security, WordPress costs more vs $29m Webflow plan.
@sam-harrison 6 months ago
@@ocertan Just out of interest what limitations would be an issue for the kind of projects you’re creating?
@ocertan 5 months ago
@sam-harrison Hey Sam, by limitation I primarily mean the extendability of the platform by plugins. You can do a lot with Webflow but if you once come around a client that needs certain functionality like ticketing for example, sooner or later you have to work with WordPress again. At last, you need to know how to implement a good security strategy by then. For most client works Webflow will be sufficient of course. As an agency to split the workflow between those two can be a bit less efficient. I love the idea to finish a client work and never worry again because of updates or security. The type of clients we attract at the moment can't let that happen though. How are you managing these issues as a Webflow based Web-Specialist?
@bend84 6 months ago
The commotion over this is why I left the fb group. How much longer can this dead horse be flogged?
@SridharKatakam 6 months ago
Come back. All security related stuff must now only be posted in a single topic in the group.
@DaveFoy 6 months ago
No horses, dead or alive, were flogged in the making of this video. Just sharing a great hosting experience.
@noraholmquist8231 6 months ago
@@SridharKatakam Thanks for the moderation. I did stop reading Bricks fb for awhile. It is now back to an enjoyable community - as I can sort by new posts and avoid all that noise.
@John.Rearden 6 months ago
Love Bricks, but these are the kind of things that separate a young product like Bricks to a more established player like Elementor.
@DaveFoy 6 months ago
I know a security researcher who would strongly disagree with you there.
@ocertan 6 months ago
Today Elementor announced an enterprise level security issue and stressed to update to the next version 😂
@marin171079 6 months ago
Elementor safe... yeah right 😂
@NelmediaCa 6 months ago
LOL, Elementor keeps on having security issues... In fact, they released 3.19.3 with a security patch no later than today (or yesterday)...
@John.Rearden 6 months ago
The rabid Bricks super fans can’t even admit to a simple statement of fact.