The WordPress Core team is hard at work trying to figure out how to move forward with shortcodes in the system. They posted an initial draft of the shortcode roadmap earlier this week, and it was met with a lot of discussion (some very productive, some not so much). They went back to the drawing board, and proposed […]
Follow-Up: WordPress Password-Protection & Admin Whitelist
April 25, 2015 by Leave a Comment
A few months ago, I posted an article explaining how to lock your administration area down so that only specific IP addresses or IP ranges can login to your WordPress system. Recently, I came across one minor unexpected side effect of this security method: Password-protected posts and pages no longer work as expected. Since the […]
Another Day, Another Security Update
April 21, 2015 by Leave a Comment
Hot on the heels of the security announcement regarding a large number of plugins yesterday, the WordPress team has released an urgent security update to the WordPress core itself. If you haven’t already, you should once again go back through all of your sites and update WordPress. The good news is, since this is a minor […]
Far-reaching Security Vulnerability Revealed
April 20, 2015 by Leave a Comment
According to an article on the Sucuri blog today, there is an extremely widespread security vulnerability in many WordPress plugins. The vulnerability seems to be the result of a breakdown in communication, where developers expected a set of core WordPress functions to do one thing, when it actually does another. Essentially, most plugin developers (including those […]
Major Drupal Vulnerability
October 30, 2014 by Leave a Comment
A major exploit in Drupal 7, allowing SQL injection, was reported a few weeks ago. Many security blogs are reporting that all Drupal systems that are running v7 should consider themselves potentially exploited, unless they patched their system on or before October 15 (when the vulnerability was reported). For those of us that constantly hear […]
Potential Cross-Site Scripting Vulnerability in jQuery Scripts
October 4, 2014 by Leave a Comment
A few days ago, Eric A Mann posted an article explaining a potential XSS vulnerability in various jQuery scripts. The basic premise is that a very common coding practice in jQuery (checking to see if an element exists before trying to use it) could lead to an XSS attack. Essentially, if you use jQuery to […]
WordPress 3.9.2 – Major Security Release
August 6, 2014 by Leave a Comment
If you are using WordPress (and, if you’re reading this site, chances are pretty good that you are), you’ll want to make sure your site gets updated to 3.9.2 right away. WordPress 3.9.2 was released earlier today, and it fixes what’s being reported as a pretty major security hole (which is also present, and has also been […]
Quick Tip: Restricting Access to WordPress Logins
August 6, 2014 by 4 Comments
As you’ve most likely noticed over the past few weeks/months, there are a lot of brute force attack attempts happening pretty regularly. Bots are trying over and over again to login to just about any WordPress site, using any credentials they can come up with. While there are many ways to combat this, one of […]
Let’s Hang Out
August 14, 2013 by 3 Comments
As I mentioned in the initial welcome post, one of the any things I’d like to do with this site is to use it to help facilitate virtual meetups about WordPress in higher ed. While we’re not necessarily ready to put a regular schedule in concrete, we are happy to announce that we will be […]