cookies

WordPress.com Security Vulnerability Stirs Debate Over Responsible Disclosure

Jeff Chandler May 28, 2014 44

Late last week, Yan Zhu, a Staff Technologist for the Electronic Frontier Foundation publicly disclosed a security vulnerability she discovered with WordPress.com and how it handles cookies. More specifically, she discovered the “wordpress_logged_in” cookie being sent in the clear to a WordPress authentication endpoint. She was able to use the (more…)

WordPress Plugin Authors: Be Up Front and Honest With Users About Tracking

Jeff Chandler December 17, 2013 9

Plugins collecting information and phoning home to a third-party without the user’s consent is a serious issue in the WordPress community. The WordPress plugin repository guidelines are clear on this matter specifically, point number seven and its sub points. Pooria Asteraky has published a post that explains why there needs (more…)

chuck: You made me curious so I also looked at it. Comes »
Peter: That's maybe on of the reasons why your website ta »
David Anderson: It's unfortunate that there's no mechanism availab »
Ahmad Awais: Thanks for that, Tim! @George — IMHO if you're »
Ahmad Awais: Just read it. I completely agree with you on that. »
Dovy: Hmm, sounds like the forced customizer fiasco... »
Ahmad Awais: Yay! I made it to the "Picks of the Week™" at Tave »
Meagan: I'm unsure whether the concept of "the ends justif »
Alec: Anyone who is wondering what's new in the world of »
Alec: This is a great defensive plugin. The ability to e »