WordPress Default Database Prefix

One of the recommended security measures for WordPress is to change the default database prefix.   When you use the default setting, hackers can more easily perform SQL injection attacks.   The easy way to avoid this is to change the prefix before installing WordPress for the first time.   If you forget to do this, you can either …

Continue reading ‘WordPress Default Database Prefix’ »

Incapsula

I decided to give Incapsula a try to improve webserver performance and security.  Incapsula is a cloud based service similar to Cloudfare that acts as a caching and security proxy for your website.   In doing so it acts as a quasi-CDN (Content Delivery Network).   I had looked at one of the popular WordPress Cache plugins, and realized that …

Continue reading ‘Incapsula’ »

WordPress 3.0.2 released

WordPress has released version 3.0.2 to address a privilege escalation user  for users having author access.   Upgrading is recommended by the vender even if you don’t have untrusted authors. The upgrade went smoothly on this blog.  But on another blog, the update didn’t complete and the blog was stuck in maintenance mode.   After taking care of …

Continue reading ‘WordPress 3.0.2 released’ »

Tynt

I installed Tynt Insight on here tonight.   Tynt is JavaScript on the webpage that tracks when cut and paste is used on the page.  More importantly it adds attribution.   Generally when I’m copying a couple of sentences to quote in a blog post I have to grab the URL separately.   This makes it a one step process, so attribution …

Continue reading ‘Tynt’ »

A Little Respect Regarding Reblogging

I noticed this week that a site out there is using wp-o-matic to present my work as his own information security blog. Some people incorrectly think that a RSS feed is a permanent license to do whatever you want with content. Its not. While it doesn’t look like it, I do spend a lot of …

Continue reading ‘A Little Respect Regarding Reblogging’ »