Bricks Security: The Surprising Reason I Didn’t Get Hacked

  • added 25 Feb 2024
  • To my surprise, none of my Bricks sites were hacked in the recent security scare.
    Yes, I did update Bricks as soon as I heard about it. But it turns out my hosting company were WAY ahead of the game. Without me even knowing, they'd patched my sites BEFORE the vulnerability was even made public.
    "The Bricks exploit was never successfully used on a site hosted at Rocket.net."
    Rocket.net: davefoy.link/rocketnet (affiliate link) 🚀
    LINKS IN THE VIDEO
    - Details of the Bricks vulnerability: snicco.io/vulnerability-discl...
    - Remkus de Vries and Calvin Alkan livestream: • Everything about the B...
    - How to fix your site if you got hacked: academy.bricksbuilder.io/arti...
    - BricksLabs: brickslabs.com
    - GridPane: gridpane.com
    MY FREE BRICKS MASTERCLASS
    Take my FREE Bricks masterclass: learn the real key to faster builds, effortless future maintenance, and more profitable projects:
    davefoy.link/bricks-masterclass

Comments • 60

  • @remkusdevries
    @remkusdevries 2 months ago +2

    Thanks for the shoutout, Dave! Appreciate it. The final video of the interview I did with Calvin lives at a different YouTube URL, btw.

    • @DaveFoy
      @DaveFoy 2 months ago +1

      No worries, brother. Any time. I updated the description with the new URL 🙏🏼

    • @remkusdevries
      @remkusdevries 2 months ago

      @DaveFoy Thank you!

  • @goodchoices5125
    @goodchoices5125 3 months ago +5

    I have great confidence in Thomas. With this experience, his competence and ethics, I bet he will make Bricks bullet-proof for the future.

    • @goodchoices5125
      @goodchoices5125 3 months ago

      just a pity that with this re-prioritization I'll have to wait longer for the component feature.

    • @DaveFoy
      @DaveFoy 3 months ago

      Yes. I know they've taken this very seriously and are already undertaking a thorough security review.

    • @DaveFoy
      @DaveFoy 3 months ago

      @goodchoices5125 Yeah, that's the extra bummer!

  • @noraholmquist8231
    @noraholmquist8231 3 months ago +3

    Great video, great perspective. Love the quote “for those of you who like to grab the other end of the stick…” 😀

    • @DaveFoy
      @DaveFoy 3 months ago

      Haa haa, thanks Nora. ☺️

  • @farhan-app
    @farhan-app 3 months ago +1

    As always, great video pal. Keep up the great work.

  • @markbratton111
    @markbratton111 3 months ago

    Marked safe from the great Bricks vulnerability. Lol. Glad you were on top of it. Since all of my sites are Bricks now, I was on top of it as well. KUDOS to the Bricks team for their swiftness. I will be looking closely at Rocket from this point on!!

    • @DaveFoy
      @DaveFoy 3 months ago

      Glad you got through it unscathed too Mark. :)

  • @kylevandeusen
    @kylevandeusen 3 months ago +2

    The master at work!

  • @JunaidCo
    @JunaidCo a month ago

    How can one sign up for vulnerability updates specific to the most common themes and plugins one uses?

  • @derekshort
    @derekshort 3 months ago +2

    Good video

  • 3 months ago +1

    We were lucky, just 3 sites got hit. But it was a shitshow to clean it up. I don't blame Bricks. Other builders got hit at some point, but this one was really fast. Maybe AI is to blame for that, but normally you have a little bit more time to react.

    • @DaveFoy
      @DaveFoy 3 months ago

      They were very quick off the mark, yes.

  • @jean-paulmesserli8269
    @jean-paulmesserli8269 3 months ago

    I was just lucky, or maybe my web hosting companies did it, or me!?

    • @DaveFoy
      @DaveFoy 3 months ago

      It's possible! If you updated quickly then that'd also do it.

  • @NelmediaCa
    @NelmediaCa 3 months ago +1

    All plugins that allow you to "add PHP code"... so that includes tools like Code Snippets and the like, if they allow PHP, I guess...?
    I wasn't hacked either, btw. Probably not because of my hosting company, though, but because I use BBQ Pro (and Solid Security Pro)...

    • @DaveFoy
      @DaveFoy 3 months ago +3

      Hey Nelson. I'm not a security expert, as you can tell from the video. But I think the difference is - the Bricks vulnerability allowed *unauthenticated* users to execute arbitrary PHP code without needing to log in or have any user account on the WordPress site. Whereas, code snippet plugins are for admin-level users only. So for someone to execute malicious code in a code snippet plugin, they'd first need to access an admin-level user account, which is a lot higher barrier to entry compared to exploiting a vulnerability that allows unauthenticated access.
      With the Bricks vulnerability, they were able to bypass the authentication process entirely, allowing direct execution of PHP. I *think* that's roughly it anyway!
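A practical way to look for the pattern Dave describes above (an endpoint reachable without any account that ends up running request-controlled PHP) in your own plugin and theme code: the script below is an added example written for this page, not Bricks' code and not anything from the snicco disclosure. It scans PHP source for `register_rest_route()` calls, classifies each route's `permission_callback` (public, capability-gated, nonce-only, or missing), and separately flags dynamic-code sinks such as `eval()`. The `SAMPLE_PLUGIN` source and its `demo/v1` routes are constructed for the demo, and the regex heuristics are deliberately coarse (no real PHP parser), so treat hits as things to review rather than verdicts.

```python
"""Rough static audit of WordPress plugin/theme PHP for two things:
(a) REST routes whose permission_callback does not actually gate access, and
(b) dynamic-code sinks. Added example; heuristics only, not a SAST tool."""
import re
from dataclasses import dataclass

# Constructed sample plugin (not Bricks' code): one route anyone can call that
# evals a request parameter, and one route gated by a capability check.
SAMPLE_PLUGIN = r'''<?php
add_action('rest_api_init', function () {
    register_rest_route('demo/v1', '/render', [
        'methods'             => 'POST',
        'callback'            => 'demo_render',
        'permission_callback' => '__return_true',
    ]);
    register_rest_route('demo/v1', '/settings', [
        'methods'             => 'POST',
        'callback'            => 'demo_settings',
        'permission_callback' => function () { return current_user_can('manage_options'); },
    ]);
});

function demo_render(WP_REST_Request $req) {
    $expr = $req->get_param('expr');
    return eval('return ' . $expr . ';');   // request-controlled code: RCE for any caller
}
'''


@dataclass
class Finding:
    line: int
    kind: str      # "route" or "sink"
    detail: str


# Dynamic-code sinks that deserve a manual look wherever they appear.
SINK_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "create_function": re.compile(r"\bcreate_function\s*\("),
    "assert": re.compile(r"\bassert\s*\("),
    "call_user_func on variable": re.compile(r"\bcall_user_func(?:_array)?\s*\(\s*\$"),
}


def _balanced_call(src: str, start: int) -> str:
    """Return the full 'register_rest_route(...)' call text starting at src[start]
    by counting parentheses (string literals containing parens are not handled)."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return src[start:]


def classify_permission(call_text: str) -> str:
    """Classify the permission_callback of one register_rest_route() call."""
    m = re.search(r"['\"]permission_callback['\"]\s*=>\s*(.*)", call_text, re.S)
    if not m:
        # WordPress >= 5.5 logs _doing_it_wrong for this but still serves the route publicly.
        return "missing (route is public)"
    body = m.group(1)
    if re.match(r"['\"]__return_true['\"]", body):
        return "__return_true (unauthenticated access)"
    if re.search(r"current_user_can|is_user_logged_in", body):
        return "capability/login check"
    if "wp_verify_nonce" in body:
        return "nonce only (a nonce is CSRF protection, not authentication)"
    return "custom (review manually)"


def audit(src: str) -> list[Finding]:
    findings: list[Finding] = []
    for m in re.finditer(r"\bregister_rest_route\s*\(", src):
        call = _balanced_call(src, m.start())
        line = src.count("\n", 0, m.start()) + 1
        route = re.search(r"\(\s*['\"]([^'\"]*)['\"]\s*,\s*['\"]([^'\"]*)['\"]", call)
        name = f"{route.group(1)}{route.group(2)}" if route else "<unparsed route>"
        findings.append(Finding(line, "route", f"{name}: {classify_permission(call)}"))
    for label, pat in SINK_PATTERNS.items():
        for m in pat.finditer(src):
            findings.append(Finding(src.count("\n", 0, m.start()) + 1, "sink", label))
    return sorted(findings, key=lambda f: f.line)


def public_route_with_sink(src: str) -> bool:
    """True when a file both exposes an unauthenticated route and contains a
    dynamic-code sink: the combination to treat as urgent."""
    fs = audit(src)
    has_public = any(f.kind == "route" and "unauthenticated" in f.detail for f in fs)
    return has_public and any(f.kind == "sink" for f in fs)


if __name__ == "__main__":
    for f in audit(SAMPLE_PLUGIN):
        print(f"line {f.line:>3}  {f.kind:<5}  {f.detail}")
    print("urgent:", public_route_with_sink(SAMPLE_PLUGIN))
```

To run it over a real install, feed each `.php` file under `wp-content/plugins` and `wp-content/themes` to `audit()`. The distinction it surfaces is the one in Dave's reply: `current_user_can('manage_options')` means the caller already had to obtain an administrator account, whereas `'__return_true'` (or a missing `permission_callback`, which WordPress serves publicly) means any visitor on the internet can hit the route, and if that route then evaluates request data as PHP there is no barrier at all.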

  • @Grow_YouTube_Views_93
    @Grow_YouTube_Views_93 3 months ago

    j cole would be proud

    • @DaveFoy
      @DaveFoy 3 months ago

      Famously hosts with Rocket.net.

  • @avipro737
    @avipro737 3 months ago +1

    Switched to Webflow ;) Did bite the WP bullet, finally.

    • @ocertan
      @ocertan 3 months ago +1

      My heart also wants to jump to Webflow sometimes, but my brain can't let that happen. How long are you able to live with the limitations? Are you OK paying monthly fees for limited resources? Did you know that once your site becomes bigger than the standard packages, you have to pay a lot for the enterprise plan? A good security plan will protect you against any attack; stay free and unlimited with open source software :)

    • @replymedia
      @replymedia 3 months ago

      @ocertan You really have to be a large site to go over 200GB of bandwidth and 250k monthly visitors. We switched to Webflow a few years ago and all of our client sites just work. Switching back to WordPress for a larger site has been an interesting transition. With Webflow you don't really need to think about any of this. Most people argue about costs, but I actually think when you compare plugin costs, hosting costs, firewalls, security, WordPress costs more vs the $29/m Webflow plan.

    • @sam-harrison
      @sam-harrison 3 months ago +3

      @ocertan Just out of interest, what limitations would be an issue for the kind of projects you're creating?

    • @ocertan
      @ocertan 3 months ago

      @sam-harrison Hey Sam, by limitation I primarily mean the extensibility of the platform by plugins. You can do a lot with Webflow, but if you once come across a client that needs certain functionality, like ticketing for example, sooner or later you have to work with WordPress again. At least, you need to know how to implement a good security strategy by then. For most client work Webflow will be sufficient, of course. As an agency, splitting the workflow between those two can be a bit less efficient.
      I love the idea of finishing a client's work and never worrying again about updates or security. The type of clients we attract at the moment can't let that happen, though. How are you managing these issues as a Webflow-based web specialist?

  • @bend84
    @bend84 3 months ago

    The commotion over this is why I left the fb group. How much longer can this dead horse be flogged?

    • @SridharKatakam
      @SridharKatakam 3 months ago +1

      Come back. All security related stuff must now only be posted in a single topic in the group.

    • @DaveFoy
      @DaveFoy 3 months ago +1

      No horses, dead or alive, were flogged in the making of this video. Just sharing a great hosting experience.

    • @noraholmquist8231
      @noraholmquist8231 3 months ago

      @SridharKatakam Thanks for the moderation. I did stop reading Bricks fb for a while. It is now back to an enjoyable community, as I can sort by new posts and avoid all that noise.

  • @John.Rearden
    @John.Rearden 3 months ago +1

    Love Bricks, but these are the kind of things that separate a young product like Bricks from a more established player like Elementor.

    • @DaveFoy
      @DaveFoy 3 months ago +5

      I know a security researcher who would strongly disagree with you there.

    • @ocertan
      @ocertan 3 months ago +7

      Today Elementor announced an enterprise-level security issue and stressed to update to the next version 😂

    • @marin171079
      @marin171079 3 months ago

      Elementor safe... yeah right 😂

    • @NelmediaCa
      @NelmediaCa 3 months ago +1

      LOL, Elementor keeps on having security issues... In fact, they released 3.19.3 with a security patch no later than today (or yesterday)...

    • @John.Rearden
      @John.Rearden 3 months ago

      The rabid Bricks super fans can’t even admit to a simple statement of fact.