How to mitigate CVE-2018-6389 – the load-scripts.php DoS “attack” in WordPress

A little sensationalist written blog post by Barak Tawily claims that WordPress is vulnerable to a DoS attack because of the load-scripts.php file which concatenates JavaScript files on the fly.

Continue reading “How to mitigate CVE-2018-6389 – the load-scripts.php DoS “attack” in WordPress”

WordPress security for the casual blogger or small business with limited resources

The resources you have available to spend on WordPress security for your website usually vary vastly whether you’re an international corporation or just a hobbyist blogger. But since most attacks are automated by bots looking for vulnerabilities, a lot of the threats are the same. Here are some WordPress security measures that bloggers and small business with limited resources easily can take.

 

Continue reading “WordPress security for the casual blogger or small business with limited resources”

SVG uploads in WordPress (the Inconvenient Truth)

Enabling uploads of SVG files in WordPress is quite easy, and there is a tonne of posts on the Interwebs explaining how you do it. Usually along the lines of:

function add_svg_to_upload_mimes( $upload_mimes ) { 
	$upload_mimes['svg'] = 'image/svg+xml'; 
	$upload_mimes['svgz'] = 'image/svg+xml'; 
	return $upload_mimes; 
} 
add_filter( 'upload_mimes', 'add_svg_to_upload_mimes', 10, 1 );

And that’s pretty much it.

Except it is not.

Continue reading “SVG uploads in WordPress (the Inconvenient Truth)”