☆ Not an expert. Probably wrong.
UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress use GUIDs to identify each individual post, but use URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).
Continue reading “Proper RFC 4122 UUIDs as GUIDs in WordPress”
Email is fundamentally insecure. There are such a plethora of issues with it, it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.
Continue reading “Secure email: Encrypt and sign your emails with PGP/GnuPG”
This weekend I was at WordCamp Berlin, met a lot of great people, and watched a lot of interesting presentations. WordCamps are actually quite informal by themselves, but at the afterparties, people are really letting their shoulders down and it often seems like people are long-time personal friends. If you open up to it, it won’t take long until people will give you feedback on whatever you have released in public.
Continue reading “Six reasons why I love WordCamps”
Many ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.
Continue reading “DNS privacy: Use a DNS provider that doesn’t track you”
This is the second post in my series of posts on some of the tools I use to stay a little safer and protect my privacy online. With self-destructing cookies, you get a clean sheet even with those who don’t respect the Do-Not-Track header.
Continue reading “Self-destructing cookies: Real, forced Do-Not-Track for your privacy”WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
Continue reading “How to perform and mitigate a WordPress session donation attack”
If you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity which equals to saving money. To do this right, you must create unique URLs for all versions of your resources, and tell them to never ask for the content again by telling the browsers that the assets are immutable resources.
Continue reading “Immutable assets with unique URLs in WordPress for enqueued JS and CSS files”
I’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.
Continue reading “Secure messaging on your phone with the Signal app”
Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.
Inspired by how Facebook assists their users when they log in, I decided to implement something like the same for WordPress.
Continue reading “Giving users a helping hand when authorizing them in WordPress”
