Tag: WordPress

HackerOne Update

WordPress officially launched the WordPress bug bounty program on HackerOne May 15 of this year, almost six months ago. The goal was to leverage the tools HackerOne provides to improve the quality and consistency of our communication with reporters, and to reduce the time spent on responding to commonly reported issues in order to free […]

The Open Web Matters

The internet is no longer a toy. It is no longer used only for fun or even simply for research. It is now an integral part of people’s lives, of businesses, and even entire economies. Comedian and science advocate, Bill Nye, was recently speaking about his new show Bill Nye Saves the World. Asked why he […]

In Support of Stronger Passwords – Not Secret Usernames

I can discover usernames in WordPress, which means I’m halfway to compromising an account. It’s a common security report. The details vary – sometimes they find usernames through CSS classes, sometimes they’re using enumeration, sometimes it’s from a REST API endpoint – but the real problem is that the underlying logic is flawed. WordPress has […]

Open Source Got Me Started

I started writing computer code about 26 years ago in 1991. At that time it wasn’t easy to teach yourself how to code. The Internet existed but not in the way we know it now. It was much smaller, contained far less data, ran at much slower speeds, and the first graphical browser didn’t even […]

The Difficulties of Security Disclosure

Security is ever a game of balance. Ease of use against safety is the one I find myself thinking about most often; locks on your door inconvenience you with having to get out your keys, long and unique passwords necessitate working with a password manager, two factor requires additional equipment and steps. Most often adding […]

Joining GoDaddy as a Full-Time WordPress Core Contributor

Today is my last day at iThemes. It’s been a great two years, and I’ve learned a lot. I’m very appreciative of my time here and I will absolutely miss all the people. If you haven’t checked out iThemes or had the chance to meet Cory, Matt, or any of their amazing team, you definitely […]

WordPress Security – The Big Picture and What You Need

I’m pretty passionate about WordPress, I’m pretty passionate about security, and I’m heavily involved in both. I’ve been working with WordPress for over ten years and helping build WordPress for over eight. I’m also on the WordPress core security team and have recently taken a lead role working on the iThemes Security plugin. There has […]