Archive for 'security'

WordPress 3.7 Ships with Auto-Updates. Don’t Use That! (Generally.)

WordPress people know a lot about WordPress updates, but all to often they need to know a lot more, to avoid a broken site.

For one thing, WordPress bloggers, with good intention, tend to tell us to always update asap, upon a core update being available. That can be bad advice leading to broken sites, as we casually hack ourselves, effectively, due to incompatibilities from unkempt plugins, old themes and the like.

The ...

read more →

Basic Password Security: Think again. #nsa #&pals!

Shopping for an SSL certificate, I see cert keys must now be 2048 characters, not just the previous 1028.

… Such is the spying frenzy from our dear leaders, good job.

My clearly not-at-all-political point is this: isn't it time that we recognised that, to protect our biz and identities, we should be using mission critical passwords of, what, at least 128 characters? Or maybe just 64 if you change them each ...

read more →

‘WordPress 3 Ultimate Security’ Book – Press Release


Some of you may have found this site off the back of a pretty well-known post about WordPress security, 10 Tips To Make WordPress Hack-Proof.

In the comments I promised a follow-up because, frankly, I wasn't satisfied with the content, it just didn't cover the WordPress security bases. The problem was, to properly ...

read more →