One of the recommended security measures for WordPress is to change the default database prefix. When you use the default setting, hackers can more easily perform SQL injection attacks. The easy way to avoid this is to change the prefix before installing WordPress for the first time. If you forget to do this, you can either …
I decided to give Incapsula a try to improve webserver performance and security. Incapsula is a cloud based service similar to Cloudfare that acts as a caching and security proxy for your website. In doing so it acts as a quasi-CDN (Content Delivery Network). I had looked at one of the popular WordPress Cache plugins, and realized that …
I upgraded to WordPress 3.2 tonight. That is bad news for the site visitors still running IE6. This is a security site, so I have to assume that the visitors with a IE6 user agent are bots or crawlers. I’ll have to watch for odd search results for the blog showing the “browse happy” hijack …
WordPress has released version 3.0.2 to address a privilege escalation user for users having author access. Upgrading is recommended by the vender even if you don’t have untrusted authors. The upgrade went smoothly on this blog. But on another blog, the update didn’t complete and the blog was stuck in maintenance mode. After taking care of …
I installed Tynt Insight on here tonight. Tynt is JavaScript on the webpage that tracks when cut and paste is used on the page. More importantly it adds attribution. Generally when I’m copying a couple of sentences to quote in a blog post I have to grab the URL separately. This makes it a one step process, so attribution …
I decided to move over to WordPress. Currently I’m working on keeping things up and running with a minimum of 404s. Once all of that is cleared away I’ll be looking for something besides the default theme. Commenting is set to moderate first time posters. I don’t know if WordPress is smart enough to recognise old …
6 years ago I started blogging. I keep hearing people disparaging blogging. The kids today think blogging is too lengthy, just tweet it. The CEO thinks he doesn’t have time to read a blog, so put it in a podcast. The tech guy says who uses RSS anymore. The Facebook “Like” button is taking over …
I noticed this week that a site out there is using wp-o-matic to present my work as his own information security blog. Some people incorrectly think that a RSS feed is a permanent license to do whatever you want with content. Its not. While it doesn’t look like it, I do spend a lot of …
I’ve used Twitter as a follower for a while now. I’ve decided to create a Twitter account for Infosec related stuff. Mark Cuban says more people find his blog via twitter or Facebook than Google. That is generally going to be people sharing links. Lets face it, his controversial posts are designed to create a …
A little housekeeping blog post. I’m moving webhosts this week. My old host is progressively more annoying. A few years ago the owners sold out to a company that operates many web hosting brands. After quite a bit of migration headache, things seem to have stabalized. Nevertheless, my contract is finally up, and I’ve decided …