We have several plugin vulnerabilities we’d like to bring to your attention this week. First up is a backdoor that was added to the Custom Content Type Manager plugin. The backdoor was added by a malicious coder who gained access to the plugin code in the official WordPress plugin repository. It’s unclear whether the plugin author’s credentials were stolen or … Read More
Get Rid of Data to Help Secure It
Last week I spent some time chatting with Mike Dahn who is the co-founder of the BSides information security conferences globally. He’s also organizer of BSides San Francisco and is well known and respected in information security circles. We had a really informative chat and I’ve posted the video interview below. You know you’re chatting with someone who spends a lot of time … Read More
Hacked Sites Suffer Long Term Search Ranking Penalties
During our research into what the WordPress community knows about hacked websites, we discovered that there is very little data available on the subject. We decided to conduct a survey, inviting a portion of our community to participate. We received responses from 1,605 people who reported having a website they manage hacked in the last year. We learned a lot. Thank you … Read More
How Attackers Gain Access to WordPress Sites
On this blog we write a lot about different vulnerabilities that could lead to site compromise. In our Learning Center we go deep on a myriad of important topics related to WordPress security. Our handy checklist, for example, includes 42 items you really should be paying attention to. But surely not all 42 items are equally important, right? In today’s … Read More
Mandrill to SendGrid – a migration guide
[browser-shot url=”https://sendgrid.com/” width=”800″ alt=”SendGrid”] Over the last few years, I’ve been using a service called Mandrill on my own web sites and those that I create for my web development clients. Mandrill is a transactional email service run by MailChimp. It’s purpose it to act as the sender for emails that emanate from your web site or web app. If … Read More
Using Siteground hosting to always force redirect WordPress to https / SSL
I’m just trying out Siteground as host. I only signed up yesterday, so I cannot really say whether or nor they will be something that I can recommend. However, so far, so good. One thing that I really like is the fact that they offer secure connections (https / SSL) with one click thanks to Let’s Encrypt, which I wrote … Read More
WordPress Security Infection
Another WordPress Security Issue. We should all know by now that ALL technology is vulnerable to attack. Code is written by humans and humans make mistakes. Also, technology moves on, and what might have been a ‘perfect’ piece of code six months ago could now be susceptible to a new attack vector. WordPress security has taken a bashing in the … Read More
Why you need to know about Let’s Encrypt if you need an SSL certificate
[browser-shot url=”https://letsencrypt.org/” width=”800″ alt=”Lets Encrypt for free SSL certificate”] If you have a web site, then you really need to think about getting an SSL certificate. Last year Google made it clear that they were going to start giving a Search Engine ranking boost to sites that use https. In plain terms this means that your web site needs to … Read More
5 reasons why Drupal 8 is great CMS for your next web site project
[browser-shot url=”https://www.drupal.org/” width=”800″ alt=”Drupal 8″] Drupal 8 is really looking good. There are so may reasons as a web developer that I think Drupal is the right choice. It’s not always, but it often is. Here are my top 5 reasons why you might want to pick Drupal 8 as your CMS of choice for your next project. The admin … Read More