While on stage at WordCamp Europe answering a question related to WordPress’ security track record, Matt Mullenweg named Nikolay Bachiyski as the first Security Czar for the WordPress project. I interviewed Bachiyski to learn why the role was created and what its purpose is. What are the responsibilities of your new role? My responsibilities are…
WordPress 4.2.4 is available and patches six security vulnerabilities. The vulnerabilities were discovered by outside parties and members of the WordPress core security team. This release also fixes four bugs: WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to…
Hello Security is a new plugin developed by Michele Butcher that displays security tips and reminders in the WordPress backend. It’s a fork of Hello Dolly and Butcher’s first plugin submitted to the plugin directory. Security best practices include PASSWORD is never a good password, backup all the things, and only give users the access…
Due to its popularity, WordPress is a favorite target of hackers looking to exploit any vulnerability to gain access to your site. Once inside they can do things like compromise your files, deface your website and start gobbling up all your server’s resources until you are shut down. With services like BruteProtect gaining traction and…
You’ve probably heard the advice that you should delete old or unwanted plugins from your WordPress installation. Plugins are often on the forefront of WordPress housekeeping lists. This is probably due to the fact that on a normal WordPress site you’re usually running just one theme and then multiple, sometimes dozens, of plugins. Unused plugins…
Cory Miller of iThemes announced today that they have hired WordPress plugin developer and security expert Chris Wiegman. Wiegman is the author of the Better WP Security plugin, which has been downloaded more than 1.2 million times from WordPress.org. iThemes will be taking over ongoing development and maintenance of Wiegman’s plugin. Better WP Security was…
Tamper-evident seals are common in the marketplace for physical goods. They instantly boost consumer confidence, because nobody wants to buy the peanut butter that has already been sniffed and tasted by a total stranger. Wouldn’t it be nice if there was an equally easy way to tell if WordPress files had been tampered with or…