Nonces are not a catch-all security…
Nonces are not a catch-all security mechanism, and Gennady Kovshenin explains why.
John Blackbourn highlights a few email-related security improvements going into WordPress 4.9, including a change to the email confirmation process.
The official PHP Git server was attacked this past week. The attack is still under investigation, but actions were quickly taken to protect it, and there is no active security risk. To learn more, you can read Enrico Zimuel's explanation. GitHub will now be the main repository for the PHP source code.
Justin Tadlock posted an update about his focus and direction with Theme Hybrid as he limits his scope to a few key projects: “It’s hard to build truly great products when you can never focus on any given thing at a time.” Newly released Exhale will be Justin’s flagship theme going forward, and he…
WPTavern has some excellent thoughts on communication, especially when it comes to developers informing their users about the status of their projects. Developers give little thought to how they would handle emergencies — such as a security breach — until it happens. Plan ahead, because actions (or the lack thereof) can truly damage a business. Jeff…
“Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates,” per the Internet Explorer support policy, as linked to from an announcement about IE11 support. So in the near future, it’s possible that the vast majority of Windows users will always…
Andrew Nacin, lead developer of WordPress, just finished a talk at Loopconf, where he talked about a series of related WordPress security fixes that spanned two years, with the final fix included in WordPress core under the guise of emoji support.