A Comparison of WordPress Two-Factor Options
I’ve been thinking hard about two-factor authentication in the last few months. I think it’s great, but you can’t deny the hassle. So while I’ve enabled it on small number of my most valuable accounts, I admit that I’ve not put it everywhere. I don’t have it on my WordPress sites–partly from avoidance of the (admittedly, relatively minor) hassle it represents, more just out of inertia. Helpfully, I just found this solid article from the folks over at WP WhiteSecurity about what options exist for turning on two factor for WordPress.
A Good Talk on Personal Data Security
In an effort to make sure I miss nothing for my forthcoming security course (which may or may not be coming in November…), I’ve been watching a lot of WordPress.tv talks tagged with “security”. Many of the talks are very very good, but this one has an added interesting trait: it’s got little to do with WordPress.
Principles of Secure WordPress Code
Security is a very important topic. To secure WordPress, you must have responsible users making use of an instance of WordPress that is only executing secure code (maybe helped by some extra “hardening”) on a secured server. But a compromise of any part of that can invalidate on all your work on any other part. There is no single solution to having a secure WordPress site.
Let’s Encrypt Has Issued More than 20 Million Free SSL Certificates
What do Let’s Encrypt’s 20 active million SSL certificates have in common? They’re all free.
Getting Familiar with Nonces in WordPress
Our pal Josh Pollock has a great little post over on Torque about the what, why, and how of using nonces in WordPress. They’re a pretty developer-specific feature — an average user doesn’t and shouldn’t have to understand — but they’re powerful and important to prevent some of the most basic security vulnerabilities.
WordPress Security Tips
Search Google and just about every article you come along will tell you that in order to have a secure blog, you need X amount of plugins. I disagree. I use none yet I’m satisfied I have a reasonable level of security. I use a number of techniques to keep the site safe, which I’ll discuss over the course of the post.