[DEVELOPING] Possible Email DDOS attack exploiting MailPoet (WordPress plugin)

This is a developing issue happening right now, please check back on this page for any updates over the following days.

Last updated 2018-03-29

Starting around March 25, 2018, I started seeing an unusual amount of bounces from my email server. The emails bouncing were the double-opt-in “please confirm your subscription” messages automatically generated by the WordPress plugin MailPoet.  This happens from time to time if, for example, somebody accidentally mis-types their email address. But now, suddenly they were coming in repeatedly for the same handful of addresses, including ones like support@linode.com and abuse@linode.com. So out of curiosity I headed over the Linode Status page, and saw this:

Continue reading [DEVELOPING] Possible Email DDOS attack exploiting MailPoet (WordPress plugin)

Fix “Sorry, This File Type Is Not Permitted For Security Reasons” Error in WordPress

So you’re trying to upload an otherwise harmless file into WordPress, and you keep getting a “Sorry, This File Type Is Not Permitted For Security Reasons” error.  Sure you could just upload the file via FTP, but it wouldn’t be attached to anything in the WP database.  Now what do you do?

There are probably many ways to solve this, but here is the approach that worked best for my particular use case.  I’ll share it here in case it helps someone else too.

Continue reading Fix “Sorry, This File Type Is Not Permitted For Security Reasons” Error in WordPress