If you use any of the very popular Woo Themes then you may have woken up to a bit of a nasty surprise today – but there is a solution!
They sent out an email letting all of their users know that they’ve been getting pummeled by a DDoS (Denial of service, basically people who want to hurt their business) attack.
This not only made their site intermittent, but has left a gapping security hole that needed to be patched up. They suggest updating the underlying architecture that their themes rely on called the WooFramework.
However, when many people go and click the “update framework” option in WordPress it’s saying their Framework is up-to-date when it’s actually just not updating.
Don’t worry though, I’ve got you covered on how to manually secure your site. After all even the website for my popular WordPress plugin Contest Domination was running on a modified WooTheme so I had to secure that as soon as possible.
Patching the WooFramework
If you are lucky enough to click “Update Framework” and see version 5.3.12 then you are golden. This the most current version at the time of this post and solves the vulnerability.
However, if you were like me or countless others you’ll need to get your hands a little dirty manually update the framework and protect yourself.
Fire up your favorite FTP client and find:
wp-content/themes/theme_name/functions/ because this is where the work is.
You are going to want to download the latest Framework files (click here to download). Unzip the file and upload the contents of the Framework folder into /functions/
Head back to “Update Framework” section within WordPress and you should be all set.
What’s a Framework?
Frameworks were built to expand upon the base functionality of a standard WordPress install – and that’s a very good thing for the consumer.
The product that really invented the space was Thesis by DIY Themes, who integrated most of the popular plugin functionality into an easy to use package.
You can think of Frameworks as a layer that sits on top of WordPress to give you clean and easy access to the features you most desire right out of the box.
While many WordPress purists will argue against Frameworks, the reality is that very few people can be a developer or afford to hire one.
Great WooFramework Alternatives
While Woo Themes is a very popular service, it’s worth noting that many people are enjoying the benefits of Frameworks who haven’t had their face melted by malicious attacks.
It’s up for debate as to why that is, maybe it’s because these people aren’t interested.. maybe it’s because these other options have better code that is less susceptible.
I’ll let you make that decision, but here’s two excellent options that I use on many of my other sites and haven’t had any of the issues that the WooThemes/Framework has had.
Arguably the founder of the Framework space, Thesis has been used by thousands of websites including Matt Cutts of Google and even on this site too.
I’ve been using Thesis for years and been quite happy with the feature set that it ships with. While WordPress has been slowly catching up, there is no arguing that my sites running on Thesis run faster and are easier to use out of the box when they have Thesis instead of just a plain WordPress installation.
Having met the guy behind it all, Chris Pearson, he mentioned to me that customers of Thesis will be getting a free upgrade to the highly anticipated Thesis 2 when it ships.
That’s a whole lot of value.
Pro-tip: Get more out of Thesis
You’ll notice something about Thesis sites, while the extra functionality is killer, some definitely look better than others.
A smart kid named Alex Mangini is cranking out some pretty impressive skins for Thesis, including the one seen on this blog called Marketers Delight 2.
To put it simply: Thesis is your secret weapon and Kolakube makes it pretty.
Very similar to Thesis in a lot of ways, Genesis has more customers than Thesis – however that’s doesn’t always make it better.
There is a trade off between the two platforms, I’ve used both and they each have their unique qualities.
Genesis has a few more built-in widgets to make life easier but Thesis tends run a little lighter and was a better commenting system etc.
Additionally, I feel that the skins from Kolakube for Thesis are much better than the ones from StudioPress for Genesis.
But of course design, like many things, is subjective so I urge you to make your own decision.
Both of the options listed here would be great alternatives to the WooThemes Framework and offer increased flexibility and functionality in my humble opinion.