On this date in 2004, I started this blog. In some ways it was about playing with the technology, first MovableType and later WordPress. In other ways its been a place to dump my brain with linked I wanted to remember. It became a place to talk about my experiences. Other people’s blogs and community …
Its been rather quiet on the blog for a while because of an unfortunate incident that occurred back in March. I never really believed I was anonymous. After all, the domain was originally registered publically rather than via a proxy, so it’s a simple matter to get my name and address. Nevertheless it is a bit disconcerting when …
WordPress 3.5.1 is out. This is a maintenance and security update. The security updates are for: ■ Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team. ■ Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team. ■ Cross-site scripting (XSS) …
Just a housekeeping note. For those of you who prefer to follow blogs via email instead of RSS feeds or via twitter, I’ve enabled that ability. If you’d like to do that, on the home page, on the right hand side, look under the “keeping up” section. I have a link for twitter, the rss …
WordPress 3.4.2 was released on September 6th. It contains security updates. I have installed the update on a couple of sites without issue.
One of the recommended security measures for WordPress is to change the default database prefix. When you use the default setting, hackers can more easily perform SQL injection attacks. The easy way to avoid this is to change the prefix before installing WordPress for the first time. If you forget to do this, you can either …
I decided to give Incapsula a try to improve webserver performance and security. Incapsula is a cloud based service similar to Cloudfare that acts as a caching and security proxy for your website. In doing so it acts as a quasi-CDN (Content Delivery Network). I had looked at one of the popular WordPress Cache plugins, and realized that …
I upgraded to WordPress 3.2 tonight. That is bad news for the site visitors still running IE6. This is a security site, so I have to assume that the visitors with a IE6 user agent are bots or crawlers. I’ll have to watch for odd search results for the blog showing the “browse happy” hijack …
WordPress has released version 3.0.2 to address a privilege escalation user for users having author access. Upgrading is recommended by the vender even if you don’t have untrusted authors. The upgrade went smoothly on this blog. But on another blog, the update didn’t complete and the blog was stuck in maintenance mode. After taking care of …
I installed Tynt Insight on here tonight. Tynt is JavaScript on the webpage that tracks when cut and paste is used on the page. More importantly it adds attribution. Generally when I’m copying a couple of sentences to quote in a blog post I have to grab the URL separately. This makes it a one step process, so attribution …