☆ Not an expert. Probably wrong.
A little sensationalist written blog post by Barak Tawily claims that WordPress is vulnerable to a DoS attack because of the load-scripts.php file which concatenates JavaScript files on the fly.
Read More How to mitigate CVE-2018-6389 – the load-scripts.php DoS “attack” in WordPressOMFG, BREAKING NEWS: Thousands of WordPress sites affected by some vulnerability.
Read More Another day, another “WordPress security vulnerability”The resources you have available to spend on WordPress security for your website usually vary vastly whether you’re an international corporation or just a hobbyist blogger. But since most attacks are automated by bots looking for vulnerabilities, a lot of the threats are the same. Here are some WordPress security measures that bloggers and small […]
Read More WordPress security for the casual blogger or small business with limited resourcesEmail is fundamentally insecure. There are such a plethora of issues with it, it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.
Read More Secure email: Encrypt and sign your emails with PGP/GnuPGWordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
Read More How to perform and mitigate a WordPress session donation attackI’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.
Read More Secure messaging on your phone with the Signal appTavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.
Read More How CloudFlare handled CloudBleedIf you have someone’s public SSH key, you can use OpenSSL to safely encrypt a file and send it to them over an insecure connection (i.e. the internet). They can then use their private key to decrypt the file you sent.
Read More Encrypt and decrypt a file using SSH keysWith the advent of the fully automated and free of cost certificate authorities Let’s Encrypt and StartCom there is no doubt that the future of CAs are changing.
Read More The future of Certificate AuthoritiesEnabling uploads of SVG files in WordPress is quite easy, and there is a tonne of posts on the Interwebs explaining how you do it. Usually along the lines of: function add_svg_to_upload_mimes( $upload_mimes ) { $upload_mimes[‘svg’] = ‘image/svg+xml’; $upload_mimes[‘svgz’] = ‘image/svg+xml’; return $upload_mimes; } add_filter( ‘upload_mimes’, ‘add_svg_to_upload_mimes’, 10, 1 ); And that’s pretty much it. […]
Read More SVG uploads in WordPress (the Inconvenient Truth)