☆ Not an expert. Probably wrong.
UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress use GUIDs to identify each individual post, but use URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).
Read More Proper RFC 4122 UUIDs as GUIDs in WordPressEmail is fundamentally insecure. There are such a plethora of issues with it, it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.
Read More Secure email: Encrypt and sign your emails with PGP/GnuPGThis weekend I was at WordCamp Berlin, met a lot of great people, and watched a lot of interesting presentations. WordCamps are actually quite informal by themselves, but at the afterparties, people are really letting their shoulders down and it often seems like people are long-time personal friends. If you open up to it, it […]
Read More Six reasons why I love WordCampsMany ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.
Read More DNS privacy: Use a DNS provider that doesn’t track youThis is the second post in my series of posts on some of the tools I use to stay a little safer and protect my privacy online. With self-destructing cookies, you get a clean sheet even with those who don’t respect the Do-Not-Track header.
Read More Self-destructing cookies: Real, forced Do-Not-Track for your privacyWordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
Read More How to perform and mitigate a WordPress session donation attackIf you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity which equals to saving money. To do this right, you must create unique URLs for all versions of your resources, and tell them to never ask for the content again by telling […]
Read More Immutable assets with unique URLs in WordPress for enqueued JS and CSS filesI’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.
Read More Secure messaging on your phone with the Signal appTavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.
Read More How CloudFlare handled CloudBleedInspired by how Facebook assists their users when they log in, I decided to implement something like the same for WordPress.
Read More Giving users a helping hand when authorizing them in WordPress