This is part 1 in a series to inform developers and administrators on the best methods to lock down their WordPress installations. By following even just some of the steps in these guides, one should be able to avoid many of the common security issues with WP.
Category: Technical Tips
CodeIgniter’s new cart class lets you build robust shopping carts quickly for your site in php, but doesn’t, out of the box, let you add products that have non-alpha-numeric (and dashes, underscores, colons or periods) product names into the cart. Here’s the proper way to extend the class that is upgrade-proof.
Being the further adventures of: html5 already works somewhat. Article comments didn’t get the treament, last time, because they’re produced by wp_list_comments() in the comment.php template. But actually this isn’t that hard to sort, and I also took a look at the form fields in the comment post section of the page.
HTML5 is no radical departure from it’s predecessors. It offers aids to better semantic markup and embedded content, useful form validation, and a little less depreciated cruft. Most importantly it provides the platform for CSS3, about which more in a later article. But the best thing about html5 is that you can have it now, without sacrificing browser compatibility. Take a look over here where I’ve recoded Ponderwell’s site in html5. That was an afternoon’s work, and the result was sufficiently encouraging that I think I’ll be using html5 exclusively from now on. It works just fine even in IE6 – or rather, it works as well as any site ever does in that horrible browser.
Ok, so you have a beautiful layout. You are letting users insert data (properly validated, of course), and someone posts a raw URL or other text without a space in it. Your layout is, well, borked. You could of course: wrap the text in a div and apply an overflow-x:auto and give it… Read more »
graudit is a great tool to find low hanging security issues with your PERL, PHP, Python, JSP, and even .Net scripts. But, it should not be used solely to report for issues as it lacks the capabilities to find most real security issues.
If you are using the WordPress AudioPlayer plugin on your site, you know that it’s a versatile flash player with many options. The missing option from my point of view is tracking the playing of the audio tracks themselves. I’ll show you how to add Google Analytics tracking to the player, so you can get… Read more »
The details on the newest Twitter w0rm to surface this week and how to protect yourself from such attacks.
PHP5 is not an Object Oriented Language, but just the same it is being used as and OOL, and it has language constructs which facilitate that. If you’re like me, though, you tend to use stdClass objects not as simple class instances but as PHP’s answer to what is called a record or struct in other languages. This can cause confusion, especially when assignment doesn’t go quite as planned.
Adobe added the Launch command to the PDF spec in 2008. Since then, attacks using this command have surfaced and we explain a sample attack along with how to disable the Launch feature to protect your environment from this type of attack.