Customize the WordPress maintenance mode page

Whenever you upgrade a plugin, theme or WordPress itself through the WordPress dashboard, WordPress will put itself in maintenance mode and all your visitors will see the maintenance mode notice “Briefly unavailable for scheduled maintenance. Check back in a minute.”

September 1, 2017 · 3 min · Bjørn Johansen

WordPress security for the casual blogger or small business with limited resources

The resources you have available to spend on WordPress security for your website usually vary vastly depending on whether you’re an international corporation or just a hobbyist blogger. But since most attacks are automated by bots looking for vulnerabilities, a lot of the threats are the same. Here are some WordPress security measures that bloggers and small businesses with limited resources can easily take.

August 10, 2017 · 8 min · Bjørn Johansen

Use mu-plugins for adding custom functionality to your WordPress site

If you google “functions.php” you get about 7 million results. I bet most of them contain bad advice: “How to add functionality to your WordPress site”. Some of them continue even worse: “[…] without using a plugin”. For your own good, don’t edit functions.php to add custom functionality to your WordPress site. You can use mu-plugins to do that.

August 9, 2017 · 3 min · Bjørn Johansen

Don’t be “clever” with the translatable strings in your WordPress plugin or theme

Since I translate a lot of WordPress themes and plugins, I sometimes come across plugins that try to be clever with their translations. This tends to not work so well in reality.

August 6, 2017 · 4 min · Bjørn Johansen

A reference of all outgoing WordPress emails

As you may know, WordPress sends out email notifications from time to time. Actually, as of WordPress 4.8.1, there are 24 different occasions when WordPress will send an email message. Don’t you think it would be useful to have a reference of all outgoing WordPress emails?

August 3, 2017 · 1 min · Bjørn Johansen

The bus factor in the WordPress project

During WordCamp Europe 2017 in Paris, there was a Q&A session with Matt Mullenweg. I wanted to ask him a question, but due to high demand and restricted time, I never got to ask him. I guess Matt is a busy person, so I don’t expect him to actually answer this question himself. But maybe someone in the WordPress community has answers, insights or ideas? A person is the CEO of one of the most important WordPress-related companies....

June 18, 2017 · 3 min · Bjørn Johansen

Proper RFC 4122 UUIDs as GUIDs in WordPress

A UUID (Universally Unique IDentifier), also known as a GUID (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress uses GUIDs to identify each individual post, but uses URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).

June 10, 2017 · 7 min · Bjørn Johansen

How to perform and mitigate a WordPress session donation attack

WordPress doesn’t use a nonce for the login form, which makes it possible to perform a WordPress session donation attack.

March 22, 2017 · 7 min · Bjørn Johansen

Immutable assets with unique URLs in WordPress for enqueued JS and CSS files

If you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity, which equals saving money. To do this right, you must create unique URLs for all versions of your resources, and tell browsers never to ask for the content again by declaring the assets immutable resources.

March 21, 2017 · 6 min · Bjørn Johansen

Giving users a helping hand when authorizing them in WordPress

Inspired by how Facebook assists their users when they log in, I decided to implement something similar for WordPress.

January 24, 2017 · 4 min · Bjørn Johansen