Security

WordPress security news and issues.

If you’re looking for some good,…

Brian Krogsgard
If you're looking for some good, recent podcasts, you might want to check out this interview with Brad Williams over at Robojuice. It's an hour-long show focused on security and the question of whether WordPress is secure enough for Microsoft. The…

SiteLock has acquired a Dutch security…

Brian Krogsgard
SiteLock has acquired a Dutch security company called Patchman, which doubles the number of active sites they’ll have on their network. Patchman patches (good name!) vulnerabilities on the server, based on scanning files and identifying known vulnerable software. This is…

HackerOne opens possibilities for WordPress vulnerability hunting

Brian Krogsgard
HackerOne is a popular platform for vulnerability hunting and disclosure, built on a bounty system for properly disclosed software issues. As Aaron Campbell notes on the WordPress blog, "It provides tools that improve the quality and consistency of communication with…

Robert Abela at WP White Security…

Brian Krogsgard
Robert Abela at WP White Security has an interview with BlogVault CEO Akshat Choudhary. The conversation revolves around the security breach involving BlogVault's online WordPress backup service in February. The BlogVault service itself, it turns out, was not hacked, but…

Lilyana Yakimova shares that SiteGround’s site…

Brian Krogsgard
Lilyana Yakimova shares that SiteGround's site security scanner is now powered by Sucuri. I've long gotten SiteGround's "all clear" emails from HackAlert, but I trust Sucuri far more, so I'm happy to see the change.

If you’re a BuddyPress user, make…

Brian Krogsgard
If you're a BuddyPress user, make sure you upgrade to the latest security release, which fixes a few cross-site request forgery (CSRF) issues. You might also want to check out the updated version of the WooCommerce BuddyPress Integration plugin from…

Aaron Campbell talks about the difficulties…

Brian Krogsgard
Aaron Campbell talks about the difficulties of security disclosures, starting with the accurate statement, "security is ever a game of balance." Disclosure is an incredibly important part of the process. As Aaron points out, "you’ll look worse if someone else…

I stumbled on the “Tozny API”…

Dan Knauss
I stumbled on the "Tozny API" recently, which, instead of passwords, presents a functionality similar to "email me an access code" from Slack. Its purpose is to help either verify email addresses or promote password-free authentication for your…

BuddyPress 2.8.0 (“San Matteo”) has recently…

Dan Knauss
BuddyPress 2.8.0 ("San Matteo") has recently been completed and it includes some nice security tweaks and improvements: more helpful “Activate Pending Accounts” screen, better compatibility with the Twenty Seventeen theme, more hooks for Messages, accessibility upgrades, and more. Looks like…

2016 was a good year for…

Dan Knauss
2016 was a good year for PHP according to Zend as they share survey results from 1200 developers. Some interesting results, most notably that over 50% of respondents are planning to move to PHP 7.x within one year (that's good).…

The theme directory disconnect

Brian Krogsgard
In many ways, the WordPress theme directory is an invaluable resource -- for theme developers to have access to put their work out there in the wild for a huge audience, and for users to have a relatively safe way…