Developing for WordPress? Keep your shit secure
In this article I talk about the current state of the wordpress.org repository backed up by recent statistics, and give advice on keeping plugins and themes secure during development.
Daniel Cid has a good post on Sucuri that describes how they look at WordPress plugin vulnerabilities. Contrary to popular belief, just because you hear “SQL Injection”, it doesn’t mean someone can actually hack your site. The real problem comes in remote and unauthenticated attacks. These can lead to mass compromises; compromised can be mean…
Chris Jean, of iThemes, has done a nice job summarizing the recent flood of WordPress brute force login attacks, along with ways to prevent them. There is also a Codex page on handling brute force attacks that’s getting a lot of effort put into it right now.
How has the WordPress community changed since its early days? How do money and market share change it? What lies ahead?
Are we up or down? What should happen when a license expires? Is the block protocol worth it? Driesnote 2022. WP Engine expands. Becoming a better writer. Best backup solutions. Define your role. Reaktiv wins a spot in Inc’s Best Workplaces. Open Source JobHub. Our passwordless future.
Back in August, Oliver Sild announced in Post Status Slack that Patchstack was opening up “additional data” to “enrich the vulnerability data” their service discloses, now “with [a] real-time IP feed of attackers who hit [Patchstack’s] virtual patches.” Virtual patches are Patchstack’s quick interventions for customers’ sites when an official patch doesn’t exist yet for…
Automattic is testing the ability for Business plan customers to upload custom plugins and themes on WordPress.com. The test has only been open a few days, and they are enabling the feature for around 10 sites per day, so it’s a very, very soft launch. But if it goes well, one can presume the feature…