WordPress 5.1 Dropped Last Week WordPress vulnerabilities in WP Core through version 5.0.3 have been published by US-CERT. One allows a Path Transversal in the wp_crop_image() variable. This flaw has been present in WordPress for a long time. If you’ve made the jump to 5.0, please update to 5.1 right away. If you’ve not made […]
January 28th is Data Privacy Day! Data Privacy Day (DPD) will be held on January 28th, 2019. It is an annual effort to promote data privacy awareness and education. DPD 2019 is sponsored by the National Cyber Security Alliance (NCSA), focus around the theme, A New Era in Privacy. The NCSA Stay Safe Online website will feature
Just now on CBS This Morning, I learned that Cloudflare, a well-known CDN provider, had launched it’s new 1.1.1.1 DNS network on April 1, 2018. Yeah, I’m a little late to the party, but better late than never. 1.1.1.1 Cloudflare DNS could potentially revolutionize data privacy and DNS lookups on the Internet. In case you’re
Another week gone and more WordPress vulnerabilities to report. See US-CERT Bulletin (SB18-064) for more information. This week it’s two VERY popular plugins (1M active Installations), both of which I use on almost all of my websites. The first is iThemes Security. The plugin versions before 6.9.1 for WordPress do not properly perform data escaping for
In a never-ending quest to get webmasters to think about WordPress security, here is the latest update from the U.S. Dept. of Homeland Security’s National Cyber Awareness System. There were five new vulnerabilities discovered in four plugins in the WordPress ecosystem over the past couple of weeks. They are all cross-site scripting (XSS) WordPress vulnerabilities.
I’m very excited to announce that I’ll be speaking on basic WordPress Security at WordCamp Albuquerque on January 19th, 2018. This was a very busy week when it comes to hackers attacking WordPress websites. I talk to people about WordPress security best practices a lot, but most don’t want to hear it. They don’t think
You may be thinking, “Who in the world would want to hack my lowly little WordPress website?” Well 48 hours worth of data from a brand spanking new WordPress website may just show you. I installed a fresh copy of WordPress on a new domain on February 1, 2017. By the evening of February 3,
SSL Certificates are Now Required by Chrome Update: January 9, 2017 Google has finally rolled out changes in Chrome that make the fact that you don’t have an SSL Certificate glaringly obvious to your visitors. Elegant Themes has posted a nice piece about it, but this is what it looks like… You definitely don’t
We value your privacy and NEVER share email addresses
Call now!
