Search Results for: security

Open source is imperiously taking over the internet. Today, you’d be hard-pressed to find a tech company that is not, in some way, leveraging open source to their advantage. Open source is working to lead technologies into the future. Dominating more than 25 percent of the internet, WordPress is one of the biggest open-source projects in the world. Its flexibility and ability to scale make it the obvious choice for any website, regardless of industry. From education and nonprofits to enterprise companies and world-renowned publications, WordPress is the CMS of choice. WordPress, and open source more broadly, has recently even reached […]

In a recent article, I talked about nonces, what they are and their role in WordPress. This article stressed the importance of using nonces to help prevent XSS and CSRF attacks. Soon after that post was published I read about multiple security vulnerabilities in the extremely popular plugin W3 Total Cache. One of these vulnerabilities is the result of improper nonce validation. A nonce was not validated using the standard wp_verify_nonce() function. Instead, the nonce was validated using a == comparison. In this article, I’m going to cover string comparisons in PHP. Specifically some of the issues with string comparison, […]

Let’s Encrypt first launched earlier this year and has quickly become a leader in the SSL marketplace. The project is a free and open-source certificate authority provided by the Internet Security Research Group which aims to encrypt 100 percent of the web. We contacted the Director of Communications at Let’s Encrypt, Sarah Gran to see how the project is doing and what the future holds. The project has been moving steadily forward. According to Gran, along with WordPress.com and Bit.ly, hosting companies have also utilized the project. “On a more technical note, a recent milestone was our acceptance into Mozilla’s root program, a significant step in being able […]