AARON D. CAMPBELL
Given a very short (too short), ten character random password of yZ3#8gPI^0, the entropy is ~65.7 ($\log_2 95^{10}$). Assuming that you can try to crack the username separate from the password, the combined entropy is ~126.8. If you instead increase the length of your password to 20 characters, its entropy alone would be ~131.4.
ABOUT AARON
About Aaron. Images of Aaron for use in speaking profiles, media, etc. Aaron is an international speaker, open source advocate, and outgoing introvert. He’s been a regular contributor to WordPress for more than a decade, and is currently employed by Endurance as part of the WordPress team. He has over twenty years of web development
SPEAKING - AARON D. CAMPBELL
Does Your Event Need a Great Speaker? I’m positive I can bring value to your organization and event as a speaker/story teller. My 2019 speaking topics revolve around:
- The open web and its importance to our future
- Internet security
- Introversion (Successfully working with introverts, succeeding as an introvert, etc)
- Building and leveraging your reputation
- Think
AARON D. CAMPBELL
First let me say that search engine optimization is a very complex subject. There are people who really know what they are doing and plenty of people that don’t. This writeup will not get you to the point where you really understand it all, and I highly recommend that you budget for a professional, but this will be a good start for people that are just starting and need to know what they can do.
PRESENTER - AARON D. CAMPBELL
The presentations are built using Reveal.js by Hakim El Hattab, which means it is extremely extensible, works with most browsers, and even works with presenter remotes. Professional slideshows right on your WordPress site. Brought to you by Aaron D. Campbell. Use automatic installer to install and activate the plugin.
WP GOOGLE ANALYTICS
WP Google Analytics makes it easy to track your site’s usage, with lots of helpful additional data. Features:
- Uses Google’s asynchronous tracking method which is faster and more reliable.
- Automatically tracks site speed
- Option to log outgoing links as events
- Option to log 404 errors as events
- Use custom
EFFICIENT RELATED POSTS
There is a problem with related posts plugins, and Efficient Related Posts is fixing that by approaching the problem from a different direction and offering a very different solution. Basically, current related post plugins build the list of related posts on the fly when the user needs to view
THE OPEN WEB MATTERS
The internet as we know it started around 1991. Tim Berners-Lee, working with CERN, developed HTTP, HTML, and the first ever web browser. The internet was much more academic at that time and looked a lot like the pages of a research paper.
OPEN SOURCE GOT ME STARTED
My entire career path has been made possible by open source software. Even in the early 90s it's how I learned to write code at only nine years old.
IN SUPPORT OF STRONGER PASSWORDS
I can discover usernames in WordPress, which means I’m halfway to compromising an account. It’s a common security report. The details vary – sometimes they find usernames through CSS classes, sometimes they’re using enumeration, sometimes it’s from a REST API endpoint – but the real problem is that the underlying logic is flawed. WordPress has
AARON D. CAMPBELL, AUTHOR AT AARON D. CAMPBELL
Security is ever a game of balance. Ease of use against safety is the one I find myself thinking about most often; locks on your door inconvenience you with having to get out your keys, long and unique passwords necessitate working with a password manager, two factor requires additional equipment and steps.
BEING UNDERSTANDING IN THIS DIGITAL AGE
This has been an interesting week for me. I’ve worked every day from a hospital room. To try to keep a very long story somewhat short, my grandma was in the ER Sunday, the experience was bad and they dismissed her rather than taking the time to actually figure out the problem. This resulted in
WEBSITE SECURITY
2 thoughts on “Website Security – Simple Steps to Take”
Steven Gliebe April 14, 2017 at 9:55 am. This is really clear and useful. Thanks for writing it. Passing it on, for sure. Also important is for users to keep WordPress, plugins and themes up to date.
PRIVACY POLICY
Who we are
Our website address is: https://aarondcampbell.com.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from
TWITTER WIDGET PRO
A widget that properly handles Twitter feeds, including parsing @username, #hashtag, and URLs into links. It supports displaying profile images, and even lets you control whether to display the time and date of a tweet or how long ago it happened (about 5 hours ago, etc). Twitter Widget Pro
CASE FOR THE REST API ENDPOINTS
The Open Web and a History Lesson
For this to make sense, you first need to understand how I view the web right now. The internet has become a foundation that a huge percentage of humankind rely on. I think that our future is as dependent on technology, the internet being a
THE DIFFICULTIES OF SECURITY DISCLOSURE
Security is ever a game of balance. Ease of use against safety is the one I find myself thinking about most often; locks on your door inconvenience you with having to get out your keys, long and unique passwords necessitate working with a password manager, two factor requires additional equipment and steps.
MIGRATING FROM MANDRILL TO SENDGRID
Recently The Rocket Science Group, the company behind both Mandrill and MailChimp, decided to change things up. They decided to roll Mandrill, their transactional E-Mail service, into MailChimp as a paid addon available to paid MailChimp accounts only. A lot of people freaked out or got really upset, most of them focusing on the fact
WORDCAMP PHOENIX 2020
Why WordPress in a World with Options? WordCamp Phoenix 2020. Aaron D. Campbell @AaronCampbell. Some people are just lucky – like hit the lottery or
GOOGLE MAPS FOR WORDPRESS
This plugin allows you to easily insert Google Maps into your blog, making use of the new shortCode system in WordPress 2.5. The maps can be configured to offer directions to or from the location, show or hide the zoom/pan controls, show/hide map type (street view, satellite, etc), activate zoom
MY WORDPRESS PLUGINS
For the first time in about fourteen years, I don’t have a company of my own. I’ve always kept my plugins on my company site, but now they’re all going to reside here for a
PULL QUOTES
Pull Quotes done right. The pull quotes are created with JavaScript, so that you don’t have any problems with out of order or duplicate content. Collaborate on the plugin: Pull Quotes on GitHub. Brought to you by Aaron D. Campbell. Use automatic installer to install and activate the plugin.
MANUAL RELATED LINKS
This plugin allows you to manually enter links that are related to a post. They can be on any site and you can enter just the URL or an entire link (specifying the title attribute, onclicks, etc). There are helper functions to
SEARCH ENGINE OPTIMIZATION (SEO) IN SIMPLE TERMS
First let me say that search engine optimization is a very complex subject. There are people who really know what they are doing and plenty of people that don’t. This writeup will not get you to the point where you really understand it all, and I highly recommend that you budget for a professional, but this will be a good start for people that are just starting and need to know what they can do.
AARON D. CAMPBELL
Numbers put WordPress at somewhere between 20 and 25 percent of the web, so if you want to be able to affect literally tens of millions of sites at once, you want to compromise WordPress. Having said that, minimum effort is also accurate and explainable. Minimum effort because you only have to target a single system.
WP GOOGLE ANALYTICS
Download Description Installation FAQ Changelog Details WP Google Analytics makes it easy to track your site’s usage, with lots of helpful additional data. Features: Uses Google’s asynchronous tracking method which is faster and more reliable. Automatically tracks site speed Option to log outgoing links as events Option to log 404 errors as events Use custom BEING UNDERSTANDING IN THIS DIGITAL AGE This has been an interesting week for me. I’ve worked every day from a hospital room. To try to keep a very long story somewhat short, my grandma was in the ER Sunday, the experience was bad and they dismissed her rather than taking the time to actually figure out the problem. This resulted inPULL QUOTES
Download Description Installation FAQ Changelog Details Pull Quotes done right. The pull quotes are created with javascript, so that you don’t have any problems with out of order or duplicate content. Collaborate on the plugin: Pull Quotes on GitHub Brought to you by Aaron D. Campbell Use automatic installer to install and active theplugin.
CASE FOR THE REST API ENDPOINTS The Open Web and a History Lesson For this to make sense, you first need to understand how I view the web right now. The internet has become a foundation that a huge percentage of humankind rely on. I think that our future is as dependent on technology, the internetbeing a
HANGING MY HAT SOMEWHERE NEW

* Post author: Aaron D. Campbell
* Post date: January 15, 2021
* Categories: Uncategorized
* No comments

Last week was my final week at GoDaddy. It was a little over four years ago, when I joined GoDaddy as a full-time WordPress contributor. I went in with a goal to help make WordPress better, and GoDaddy really empowered me to do that during my time there. It was truly great and I’m going to miss it in so many ways!

WHAT’S NEXT?

I continue to be passionate about the open web and open source software, like WordPress, as a part of it. I still strongly believe that the internet is the single most effective information sharing tool in all of history, and keeping it open and accessible to all is critical to humanity’s ability to make forward progress. And I’m still as excited as I’ve ever been to be a part of that.

But I’ve also become increasingly focused on the sustainability of the open web and the open products that make it up. If you look at the time and resources required for these things to exist, it’s expensive! Which is why in successful projects like WordPress, we see so many people who are paid in some way or another to work on it. Without those people WordPress would not be where it is. And it’s good when companies do this as a social good or as something tangentially related to what they do, but I think true sustainability here requires more than that. I want to help companies align their products and services, their success, with the health and success of open source software and the open web. I want to help build symbiotic relationships that bring sustainable, ongoing benefit to the WordPress community and the web as a whole.

WHERE?

I’m super excited to be joining Endurance and the Bluehost family, to do just this. Endurance has already shown their commitment to the WordPress project and community. I look forward to helping them continue to align with that commitment in an effort to build toward the sustainability of the open web.

HACKERONE UPDATE
* Post author: Aaron D. Campbell
* Post date: November 11, 2017
* Categories: Uncategorized
* No comments

WordPress officially launched the WordPress bug bounty program on HackerOne May 15 of this year, almost six months ago. The goal was to leverage the tools HackerOne provides to improve the quality and consistency of our communication with reporters, and to reduce the time spent on responding to commonly reported issues in order to free our team to focus more time on improving the security of WordPress as well as our sites and other properties.

SUCCESS

Since that launch, we have paid out approximately $14,000 in bounties for thirty-nine unique reports – an average of more than $350 for each valid report – from twenty-two different hackers (researchers). This part is exciting! People are helping keep WordPress secure.

STRUGGLES

It's amazing that we've been able to resolve these valid reports (not all were eligible for bounties, some were sent swag as a thank you), but there's more to the story. Those valid reports only account for roughly 16% of the overall reports. About five out of every six reports are invalid. These invalid reports still take time to process, test, etc.

Time is always valuable, but when working with a volunteer team it can feel even more so. Dealing regularly with invalid reports not only consumes a lot of time, but can also feel extremely useless – like a lot of work for no reason. We need to continue to focus on improving this process, but I'm extremely thankful to the people on the team that work to triage on HackerOne for us.

WHAT NOW
I would say that the program has been a success so far, so we want to continue it. We _are_ actively working to address the biggest struggle we face, which is the invalid reports that take up so much time without yielding useful results. HackerOne offers some tools that we're trying to leverage to help.

* Common responses – building up a repertoire of useful responses that can be easily sent to reporters takes time. We hope this will pay off in future time savings, as we no longer have to write the same basic response over and over.
* Triggers – these allow us to automatically show one (or more) of our common responses to reporters as "Are you sure?" interstitials, based upon key words in the report. Adding some of these has helped and we hope to build a good collection of them as we go.
* Reputation – HackerOne has both a reputation and a signal rating for all users. We can limit the ability to submit reports to only hackers with a minimum signal. There is a balance here. We don't want to miss out on valid reports, but we do want to reduce the noise.

We are also working with HackerOne to find other ways we might be able to improve our processes. Stay tuned!

THE OPEN WEB MATTERS

* Post author: Aaron D. Campbell
* Post date: June 1, 2017
* Categories: Open Web
* No comments

The internet is no longer a toy. It is no longer used only for fun or even simply for research. It is now an integral part of people’s lives, of businesses, and even entire economies. Comedian and science advocate, Bill Nye, was recently speaking about his new show _Bill Nye Saves the World_. Asked why he thought it was so important, he said:

> I want clean water for everyone on Earth; renewably-produced, reliable electricity for everyone on Earth; access to the internet, or whatever the future of electronic information is, so that everybody in the world can participate in taking care of the planet.
>
> Bill Nye to CNN
Water, electricity, and internet. It may sound crazy, but I would argue that the science guy is right. The internet is vitally important to the future of humanity. It needs to be protected, secured, and available. This cannot happen unless it is open.

HISTORY

CERN has restored a copy of the 1992 version of the site – the earliest copy researchers at CERN have been able to find.

The internet as we know it started around 1991. Tim Berners Lee, working with CERN, developed HTTP, HTML, and the first ever web browser. The internet was much more academic at that time and looked a lot like the pages of a research paper.

Around the same time, the Commercial Internet eXchange was trying to do something ground breaking. They were attempting to connect the various stand alone networks, mostly US governmental agencies, to allow traffic to be exchanged between them. The controversial thing at the time was that they wanted a no-settlement policy between the groups involved. We take this for granted, expecting to easily access any information or service on the web without caring where or how it’s hosted. Imagine an internet where this wasn’t the case. Where you could only access a small fraction of the available sites and services.

What if Amazon were on one network, Netflix another, Twitter and Facebook still another, and none of those networks would talk to each other without additional usage fees. Your sphere of information available to you would be incredibly different. Drastically limited. This is the kind of internet we could experience if we don’t keep the web open.
HISTORY OF MODERN HUMANS

Why is this so important? Why should I care? To answer that we need to look at how the dissemination of information has affected the progress of humanity.

Nine hundred years ago, in the early twelfth century, the French philosopher Bernard of Chartres spoke about the fast progress humans were making. He said that the moderns were like dwarves perched on the shoulders of giants (the Ancients) and thus were able to see more and farther than the latter. “And this is not at all because of the acuteness of our sight or the stature of our body, but because we are carried aloft and elevated by the magnitude of the giants.”

Never heard of Bernard of Chartres but the “shoulders of giants” phrase sounds familiar? Isaac Newton said the same thing over five hundred years later.

> If I have seen further, it is by standing on the shoulders of giants.
>
> Isaac Newton, 1675

It’s easy to see Isaac Newton as a giant. He gave us calculus and Newtonian mechanics. We’ve used these as the basis for calculations to put people on the moon and to build skyscrapers that don’t fall over. The jet engine, a thing that in and of itself has forever changed the world, uses his principles and mathematics. Because people before Isaac Newton shared their knowledge openly with him, he was able to add to it and share that knowledge with future generations, who were able to leverage it to bring the peoples of our world closer in a way they never could have been otherwise.

WHERE THE DANGER LIES

Isaac Newton built on the works of those that came before him. Everyone since has built on his works. Shared information makes this possible. It is integral to humanity’s ability to make consistent and rapid progress forward. The internet is the single most effective information sharing tool in all of history.

Isaac Newton was able to stand on the shoulders of those that came before him, _whose work he had access to_. With the internet, access no longer needs to be a limiting factor. Distance doesn’t matter. The implications for the progress of humanity are both serious and exciting!

There are two things that we need to look at to understand the threats against this open dissemination of information that the internet provides – net neutrality and closed systems.

NET NEUTRALITY
What is net neutrality? You hear the term used a lot, especially when people are talking about legislation affecting the internet, but what does it really mean? Net neutrality, or the Open Internet rules, cover three basic things according to the FCC:

* No Blocking. Broadband providers may not block access to legal content, applications, services, or non-harmful devices.
* No Throttling. Broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices.
* No Paid Prioritization. Broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration of any kind—in other words, no “fast lanes.” This rule also bans ISPs from prioritizing content and services of their affiliates.

The dangers of all these really come down to the honesty, integrity, and motivations of the people enforcing these limitations. Blocking bad/inaccurate content or throttling services that are less important to give precedence to ones that are more so, both sound fine – but who makes that decision? What group of people can decide that certain information isn’t accurate? Can that control or influence the thoughts and understandings of whole generations?

Now involve money. What happens when companies are able to pay to control the flow of information? When one drink giant pays to limit access to accurate information about their competitors while spreading inaccurate information? Or when tobacco companies can interfere with the ability of people to discover the actual risks of their products?

Free and open access to information is absolutely critical to our freedom as a people. Taking away people’s ability to make their own decisions, whether by force or by limiting access to information, is wrong.
CLOSED SYSTEMS
Many people easily identify the risks in the loss of net neutrality, but most miss the threat posed by closed systems. A system that you use, feed data into, and rely on that is closed source and owned by a company, is a danger. Whether it’s Facebook, Twitter, or Instagram for your personal data or Shopify, Wix, or Salesforce for your business.

It’s not that these systems are bad, but they are certainly dangerous. When another company owns the platform you rely on, what happens when your goals or needs diverge from theirs? Companies controlling the dissemination of information is dangerous.
WHAT CAN YOU DO?
When net neutrality legislation is on the table, take action! Inform yourself though, not all legislation is good. Spread the word about the dangers of a closed web. Vote with your dollars and your support. Use open platforms like WordPress and encourage others to do the same. Above all else be aware of the danger and watch for it.

_Photo credit: Barefootliam._
IN SUPPORT OF STRONGER PASSWORDS – NOT SECRET USERNAMES

* Post author: Aaron D. Campbell
* Post date: April 9, 2017
* Categories: WordPress Security
* 5 comments

> I can discover usernames in WordPress, which means I’m halfway to compromising an account.

It’s a common security report. The details vary – sometimes they find usernames through CSS classes, sometimes they’re using enumeration, sometimes it’s from a REST API endpoint – but the real problem is that the underlying logic is flawed. WordPress has taken the stance that usernames aren’t secret. From our handbook:

> The WordPress project doesn’t consider usernames or user ids to be private or secure information. A username is part of your online identity. It is meant to identify, not verify, who you are saying you are. Verification is the job of the password.
>
> Generally speaking, people do not consider usernames to be secret, often sharing them openly. Additionally, many major online establishments — such as Google and Facebook — have done away with usernames in favor of email addresses, which are shared around constantly and freely. WordPress has also moved this way, allowing users to log in with an email address or username since version 4.5.
>
> Instead of attempting to hide a public identifier, WordPress attempts to encourage users to choose strong passwords instead, through both user interface as well as education.
>
> Note that WordPress is not the only open source project to believe this. Drupal has similar arguments for the same thing.

Why? Because knowing a username doesn’t mean you’re halfway to compromising an account. Let me explain.
USERNAMES ARE PUBLIC

A username is an identifier, a claim to who you are, much like your actual name. When I go to the bank to pull out cash I identify as Aaron Campbell, but then they want to verify that by looking at my driver’s license or passport. That required verification is your password. I share my name with anyone, but they cannot have my verification documents. Those are mine.

Moving back to the internet, my username on Twitter is aaroncampbell and every one of my followers knows that. My username on Gmail and Facebook is aaron@xavisys.com and anyone that ever E-Mails me knows this – it even used to be on my business cards. You could discover my username on this site, but you don’t need to – it’s aaroncampbell. Even if I didn’t have two factor enabled in all those places though, you wouldn’t be “halfway” to compromising any of those accounts.

Users know they need good passwords but usernames are generally simple, easy to remember, and alphabetic or alphanumeric. To put it simply, they’re already easy to guess. But wouldn’t keeping them secret still help? Wouldn’t having to guess both the username _and_ password make it twice as hard? Shouldn’t WordPress help with that? No, no, and no. And it all comes down to entropy.

ENTROPY
Password strength is usually referred to in terms of information entropy, measured in bits. The idea is that a password with 42 bits of entropy would be as strong as a string of 42 random bits. There can be a lot of complexity in calculating accurate entropy. Dictionary words (including ones in custom dictionaries built for the target), patterns, dates, and many other things can be used to reduce the raw entropy of a string. Best case scenario though, your password isn’t susceptible to any of those, in which case the raw entropy (_H_) can be calculated using this formula, where _N_ is the number of possible symbols for each character, and _L_ is the number of characters in the password:

$H = \log_2 N^L$

Let’s calculate the entropy of my username of aaroncampbell. It’s 13 characters long (_L_) and each character has 26 possible symbols (_N_), giving ~61.1 = $\log_2 26^{13}$. Keep in mind that in a real-world scenario, my first and last name, along with many other words specific to me, would likely already be built into a dictionary, making this number much lower.
Given a very short (too short), ten character random password of yZ3#8gPI^0, the entropy is ~65.7 ($\log_2 95^{10}$). Assuming that you can try to crack the username separate from the password, the combined entropy is ~126.8. If you instead increase the length of your password to 20 characters, its entropy alone would be ~131.4. All my passwords are 50 characters or ~328.5 bits of entropy.
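The figures above can be reproduced and extended with a short script. This is an added example, not code from the original post: the 95-symbol alphabet is taken to be printable ASCII, and the word list and the 100,000-entry dictionary size are constructed assumptions that illustrate the remark about a name-based username being worth far less than its raw figure.

```python
import math
import secrets
import string

# 95 printable ASCII symbols (letters, digits, punctuation, space); assumed to be
# the N = 95 used in the post.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "

# Constructed sample data: a tiny word list used only to check whether a string
# splits into dictionary words, and an assumed size for a realistic guessing dictionary.
WORDS = ("aaron", "campbell", "admin", "editor", "press")
DICTIONARY_SIZE = 100_000


def raw_entropy_bits(length, symbols):
    """H = log2(N^L), computed as L * log2(N) to avoid huge integers."""
    return length * math.log2(symbols)


def min_length_for(bits, symbols):
    """Shortest random string over `symbols` symbols with at least `bits` bits."""
    return math.ceil(bits / math.log2(symbols))


def min_words(text, wordlist):
    """Fewest wordlist entries that concatenate to `text`, or None if impossible."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for word in wordlist:
            start = end - len(word)
            if start < 0 or best[start] is None or text[start:end] != word:
                continue
            if best[end] is None or best[start] + 1 < best[end]:
                best[end] = best[start] + 1
    return best[len(text)]


def dictionary_entropy_bits(text, wordlist, dictionary_size, symbols=26):
    """Entropy when guesses are assembled from dictionary words, not characters.

    A string made of k dictionary words sits in a space of dictionary_size^k
    candidates. The result is capped at the raw character-level figure.
    """
    raw = raw_entropy_bits(len(text), symbols)
    k = min_words(text, wordlist)
    if k is None:
        return raw
    return min(raw, k * math.log2(dictionary_size))


def generate_password(length, alphabet=PRINTABLE):
    """Random password from the OS CSPRNG, one independent symbol per position."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report():
    """The post's figures, plus the dictionary-adjusted username estimate."""
    username = raw_entropy_bits(13, 26)
    password_10 = raw_entropy_bits(10, len(PRINTABLE))
    return {
        "username": username,
        "password_10": password_10,
        # Combined figure as the post computes it: the two bit counts added.
        "username_plus_password_10": username + password_10,
        "password_20": raw_entropy_bits(20, len(PRINTABLE)),
        "password_50": raw_entropy_bits(50, len(PRINTABLE)),
        "username_dictionary": dictionary_entropy_bits(
            "aaroncampbell", WORDS, DICTIONARY_SIZE
        ),
    }


if __name__ == "__main__":
    for label, bits in report().items():
        print(f"{label:<28}{bits:7.1f} bits")
    needed = min_length_for(report()["username_plus_password_10"], len(PRINTABLE))
    print(f"password length matching secret username + 10 chars: {needed}")
    print("sample 20-character password:", generate_password(20))
```
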
THE BEST SOLUTION
Don’t worry about your username, but _do_ focus heavily on your password practices. Use a password manager like LastPass or 1Password. You cannot have good password practices without a password manager. Good passwords should be long – 50 characters is what I use; random – not a “random phrase” you use, but actually randomly generated using a large character set; and unique – only used in one place.
BONUS
If you really want to secure your account, use two factor authentication (2FA). Many sites offer this option, and I personally use it everywhere I can. I use Authy as my 2FA app because I think it’s the most user friendly. It allows me to rearrange things to fit my preferences, add it to multiple devices, and even backup and restore everything for when I change devices. You can also use Google Authenticator or LastPass Authenticator. To add 2FA to your WordPress website, you can use iThemes Security Pro (paid), which is what I use, or Two Factor.
WEBSITE SECURITY – SIMPLE STEPS TO TAKE

* Post author: Aaron D. Campbell
* Post date: April 4, 2017
* Categories: WordPress Security
* 2 comments

Website security is important. We all know it. For many though, it’s a topic they prefer not to talk or think too much about. They don’t really consider it in very many areas as they build or manage their site. Why?
SECURITY IS SCARY
You know you want to be secure, so you start to check out this weird security thing. Brute force? You can handle that; good passwords, limit login attempts, maybe even two factor authentication. Then you suddenly become aware of cross-site scripting (XSS), SQL injection (SQLi), cross-site request forgery (CSRF), remote code execution (RCE), and potentially so many more that you’re simply terrified. You begin to buy into “ignorance is bliss”. But website security doesn’t have to be scary.
SECURITY IS SOMETHING YOU CAN HANDLE

When you start to research website security it’s easy to become overwhelmed as you’re slowly exposed to all the various forms of attacks. Each can be nuanced, complex, and confusing. The good news is, you don’t need to know how every vulnerability works in order to increase your security. Many of them can be prevented by following some relatively simple best practices. With a little added effort and by making a few smart decisions along the way, you can DRASTICALLY increase your online security.
When most people think about securing their site, the first thing they think of is their password. And passwords are important. They aren’t where you should start though. SECURITY AND YOUR HOST The security of your site needs to be managed all the way down “the stack”. The stack is all the software that sits on top of each other in layers to become your website. The tip of this is likely all you really interact with – WordPress and your plugins. Below that is your database, PHP, caching tools, web server software like Apache or nGinx, and an operating system. There’s probably also a firewall somewhere either inside that stack or outside as a separate appliance. Every part of this software stack needs to be properly configured, managed, and continually kept up to date. It’s integral to the security of your website. It’s also a lot of work and quite complex. Thankfully, you don’t have to worry about it if you choose a good quality host and let them worry about it for you. Consider security when you choose a host. If you haven’t checked to see that your host has good security practices, take the time to do so. If you haven’t yet chosen a host, make sure that security is one of the things you evaluate when you do. CHOOSE QUALITY SOFTWARE You want quality plugins and themes with reputable people or companies that stand behind them. Most of you are here because you use WordPress. I’m obviously biased,
but I think that was a good decision for security. The WordPress security team works very hard to make sure that WordPress is as secure as possible. However, WordPress isn’t the only software you’re using to run your site. You need to make good decisions about what plugins and themes you use as well. Did you consider security as you selected your plugins and themes? Did you look into the security practices of the companies or developers behind them? Don’t expect to find plugins or themes that have never had a security issue, but do look for those that have handled them well and have implemented good security practices into their development processes. You want quality plugins and themes with reputable people or companies that stand behind them.

Take the time to consider other software you’re using as well. Are you using a reliable and reputable SFTP client? Are you running good virus protection software on your computer? With the pervasiveness of the Internet, many modern computer viruses work to harvest login details from websites and send them to someone for later use.

Learning to think about security at every step of the way, getting into the “security mindset”, will really help. You’ll start to see places that you can increase your security that you had never before realized even affected your website.

GREAT PASSWORD PRACTICES

Everyone knows that it’s important to have good passwords, but what makes a password good? A good password is long, random, and unique.

How long should a good password be? I tell most people that it should be a minimum of twenty characters. All of mine are at least fifty unless the site or service has a lower limit (which usually leads to me whining lots and often reaching out to them to discuss better password practices).

What do I mean by random? Well…I mean random. Not a snippet from a poem you like, not a favorite verse, not a seemingly random combination of things you know or easily remember, and not a pattern on the keyboard. The best passwords are completely randomly generated.

Unique means that the password is only used in one place. The password to log in to my website is different from the one for my E-Mail, which is different from the one for my computer, which is different from the one for my bank, etc, etc. I don’t use the same password in two places and neither should you.

How can I possibly have that many different fifty character passwords that are completely randomly generated? Do I have a super human mind? Not at all. I use a password manager. You can’t have good password practices without a password manager. I use LastPass. Lots of people love 1Password and it’s a great option as well. I don’t care which you use, but you need to use one.

Passwords should be long, random, and unique. You need a password manager to do it right.
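The three criteria above (long, random, unique) can be checked mechanically. The following Python is an added example, not code from the original post: it generates passwords with the operating system's CSPRNG and audits a constructed list of entries against the post's twenty-character minimum, reuse across sites, and a few obvious non-random patterns. The function names, the 94-symbol alphabet, and the pattern heuristics are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string
from collections import defaultdict

# Assumed alphabet: 94 printable ASCII symbols (no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 20  # the minimum length the post recommends
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def generate_password(length=50):
    """Return a password whose characters are drawn independently from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password; it says nothing about human-chosen ones."""
    return length * math.log2(alphabet_size)


def looks_patterned(password):
    """Heuristic only: flags keyboard walks, heavy repetition and plain phrases.

    Passing this check does not prove a password was randomly generated.
    """
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - 3):
            run = row[i:i + 4]
            if run in lowered or run[::-1] in lowered:
                return True
    if len(set(password)) <= len(password) // 2:  # few distinct characters
        return True
    # Letters and spaces only: a word, a verse, a line from a poem.
    return all(c.isalpha() or c.isspace() for c in password)


def audit_vault(entries):
    """entries: iterable of (site, password). Returns {site: sorted findings}."""
    findings = defaultdict(set)
    sites_by_digest = defaultdict(list)
    for site, password in entries:
        if len(password) < MIN_LENGTH:
            findings[site].add("too short")
        if looks_patterned(password):
            findings[site].add("not random")
        # Group by digest so plaintext passwords are not used as dictionary keys.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        sites_by_digest[digest].append(site)
    for sites in sites_by_digest.values():
        if len(sites) > 1:  # same password stored for more than one site
            for site in sites:
                findings[site].add("reused")
    return {site: sorted(issues) for site, issues in findings.items()}


# Constructed sample entries (not real credentials).
SAMPLE_VAULT = [
    ("blog.example", "qwerty12345"),
    ("mail.example", "Shall I compare thee to a summers day"),
    ("bank.example", "k#9Lw!2vQz@7Xp$4Tn^6"),
    ("forum.example", "k#9Lw!2vQz@7Xp$4Tn^6"),
    ("host.example", generate_password()),
]

if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(issues)}")
    print(f"20 random characters: {entropy_bits(20):.1f} bits")
    print(f"50 random characters: {entropy_bits(50):.1f} bits")
```

Entries with no findings are absent from the result, so a vault that follows all three practices produces an empty report.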
This is one of those areas where you have to put in that added effort I mentioned. A password manager will take some time and effort to set up and get used to using. Eventually though, you’ll probably find that it makes things easier, not harder. It’s a fantastic investment into your online security.

TWO FACTOR AUTHENTICATION

When you try to log into your site you fill in a username field. On this site for me, that’s either my E-Mail address or “aaroncampbell”. That’s me saying “I’m Aaron”. My site wants proof of that though, as it should. There are three basic ways you can prove you are who you claim to be.

* Something you know – A password for example. With your bank this might be a PIN. As a kid with a fort, it was a code word.
* Something you have – For your car, house, hotel room, etc this would be your key. “Let me in if I have this.” For your website this is probably your smartphone with an app on it.
* Something you are – Many phones are starting to support fingerprint access for example. Some data centers use retina scans.

Two factor authentication (2FA) simply means that in order to verify you are who you claim to be you must supply proof from at least two of these groups. For websites this is almost always something that you know (your password) and something that you have (your phone with an authentication app on it). I use Authy because I think it’s the most user friendly. It allows me to rearrange things to fit my preferences, add it to multiple devices, and even back up and restore everything for when I change devices. You can also use Google Authenticator or LastPass Authenticator.

There are two plugins that make it easy to add 2FA to your WordPress website.

* iThemes Security Pro is a paid plugin that also does many other great things for your site. If you want to invest a little money in the security of your site, invest in your host and in this plugin.
* Two Factor is a free plugin by George Stephanis that adds two factor authentication to your site simply and effectively.

Like your password manager, some additional effort is required for setup and to get used to it. However, the added effort here will continue forever. Every time you log into a site you use two factor authentication on, it will take you an additional fifteen to thirty seconds. It is ABSOLUTELY worth it though. Using multiple factors for identity verification increases security so much that it’s honestly hard to quantify.

_BONUS: Once you get used to using two factor on your WordPress website, start using it everywhere else too. I use it on GMail, Github, Slack, Amazon AWS, Mailchimp, Mandrill and more!_

SSL CERTIFICATES

Encrypt all data sent between your website and the computer or device that’s accessing it with an SSL certificate. It’s the thing that changes the URL from http:// to https:// and adds a lock and/or a green color to the URL bar of the browser to let the user know they are browsing safely. At this point, there’s no reason for _any_ site to not have an SSL certificate. They used to be quite expensive but cost is no longer an excuse. Many hosts offer them for free and the ones that don’t offer them cheaply. Often you can install them yourself through your control panel, but if you can’t, opening a ticket with your host should take care of it.
IS SECURITY REALLY THAT IMPORTANT?

People want to know “why would anyone want to attack my website?” They think that because they don’t process credit cards or store personal information, no one would care to hack into their site.

> It’s not if you get attacked, but rather how you prevent it from
> being successful.
> – Gerroald Barron

There are two basic types of attacks that try to compromise sites. Targeted attacks are the kind that people tend to think of first. A person or persons work to compromise a specific site for some sort of payout. Often they’re trying to get credit card numbers, identities, etc. They want a good payout and put in a concerted effort to get it.

The second, and far more prevalent, are scripted attacks: programs written to crawl the internet and try to compromise sites. Pushing for sheer numbers, they look for simple to break passwords, out of date software with vulnerabilities, and other known weaknesses that can be exploited in an automated way. Instead of a large payout from one targeted site, the script attacks hundreds of thousands or millions of sites, compromises thousands, and makes a little bit from each. These attacks aren’t only more prevalent, but are indiscriminate. Anything attached to the internet will be attacked. It’s not if, but when.

MAKE IT HARD ON THEM

Attacks on your site _will_ happen. You can drastically improve your security, and thus your ability to fend off these attacks, by following these best practices. They’re not overwhelming. They are all things you can do.

* Use a Security Conscientious Host – Keeping the stack your site is built on secure helps keep your site secure.
* Choose Quality Software – Starting with WordPress is great, but also look at your plugins and themes as well as software on the computers you use to build or access your site.
* Use Great Passwords – Great passwords are long, random, and unique. You can only do this correctly with a password manager.
* Use Two Factor Authentication – Two factor authentication will use something you know (password) as well as something you have (your smartphone) to verify you are who you claim to be. This is a massive leap forward in the security of your user account.
* SSL – Every site should have an SSL certificate. Inexpensive or even free, SSL certificates encrypt all data sent between your website and the computer or device accessing it.

OPEN SOURCE GOT ME STARTED

* Post author: Aaron D. Campbell
* Post date: March 21, 2017
* Categories: Open Web

I started writing computer code about 26 years ago in 1991. At that time it wasn’t easy to teach yourself how to code. The Internet existed but not in the way we know it now. It was much smaller, contained far less data, ran at much slower speeds, and the first graphical browser didn’t even exist until two years later. So how did nine year old me learn? Open source.

GAMES GET ME
Windows didn’t gain popularity for another year or so. MS-DOS 5.0 released that year though, with a couple of life changing games. Nibbles was a classic snake game where the snake grows with each thing it eats and you work to avoid running into obstacles, the wall, or yourself. Gorillas was a turn based combat game of sorts, featuring banana throwing gorillas on a skyline. I played both games as most nine year olds might, bordering on obsessive, but it was the mathematics in Gorillas that really caught my interest.

The original Gorillas in action. I admit it, I’m feeling quite nostalgic

Each player took turns entering an angle and a velocity. Their gorilla would then throw an exploding banana accordingly. The goal was to hit the other gorilla, although the city scape could get in the way. You might have to explode through a building to get your opponent, or throw extremely high and hard to get the right angle to hit them without hitting a piece of the environment. Creativity was a part of it, but it was the numbers that really made it what it was to me. After a while though, the novelty wore off some. I got surprisingly good at judging angles and velocity and fewer and fewer people wanted to play against me anymore. That’s when a fun game became life changing.

OPEN SOURCE

This is what you saw each time you played the game. “Press Shift+F5” to play was as user friendly as it got.

Gorillas and Nibbles were both written in QBasic, which is sort of a combination of the BASIC programming language, an IDE, a compiler, and an interpreter. Meaning you could write code in QBasic and it was capable of executing it right there inside the editor. As a curious nine year old I scrolled down to look at the code that powered the game that I enjoyed so much. And I learned. There’s no way that I could have written either of those games at that time in my life. It took months before I could even convince my parents to take me around to book stores in search of resources. But I learned a lot from the code itself. I broke a lot of things, but succeeded in making the bananas behave differently, adding invisible obstacles, spawning the gorillas inside the buildings, and more. It was practically intoxicating! The POWER! It hooked me completely. Because of open source.

LEVELING UP
In the early nineties I got into BBSs. First just logging into them to play “door games” (sorry young people, you’re going to have to Google some of this yourself) and eventually running my own. One of my favorite games was a MUD called Legend of the Red Dragon (L.o.R.D.). Being highly competitive, I found value in tracing through the code of the game and the in-game modules to find the secrets and tricks to be able to level up faster. My ability to understand code was now an asset to ten year old me. I learned a scripting language called “lady” in order to build my own modules. Existing modules, and their code, were my teachers. My BBS started to stand out as I added my own unique tweaks to a popular game. Enough that my parents noticed. And were none too happy with having three phone lines in our house, all of which were constantly busy.

My leveling up in games through code didn’t end though. Chip’s Challenge was all the rage when I was twelve. My seventh grade class went nuts over it. It was a puzzle solving game wherein you overcame obstacles to collect keys. When you completed each level you were given a code to write down. You could use that code to start up where you left off. Everyone was in on the challenge and the codes were proof. I immediately tried to turn to the source code as a solution and was horribly disappointed to find out that I couldn’t. Open source had been so amazing, but it took a closed source application to really make me appreciate it. In order to do what I thought should have been easy, I had to learn about hex editors, earn codes manually, and use each new code I earned to slowly reverse engineer a compiled file. I was the first of my class with a full set of codes, but I was also now enamored with open source software. And it was a closed source game that pushed me that way.

MY MENTOR

For anyone that knows what hex editors are or what it takes to reverse engineer compiled code, that last bit might have sounded a little crazy. For those of you that have no idea what any of that is, the correct response is roughly “how could you learn how to do that as a twelve year old in 1994!?” The answer is that I had a mentor now. The summer before seventh grade, my parents connected me with the person that ran the computers for the school union I was in. I spent that whole summer learning under him. I continued to work with him through all of junior high. Even then, much of my learning happened from “open source”, although in most cases it was his source code. I learned the basics of Novell Netware scripting, more BASIC, C, and more. All by having the chance to look at various sources of code and ask him questions.

BACK TO OPEN SOURCE

As the Internet became more ubiquitous, I pushed back into open source. It was easier now. In 2000 I started developing websites for money and used only open source platforms. I knew better now. I knew that the easiest way to have the control I wanted was to be able to view and modify the code. In 2005 I made a pivotal decision; I moved to WordPress development. In 2007 I started to contribute back to the project. It hooked me again, and I’ve been happily contributing to and advocating for open source ever since. Twenty six years later and I still love open source. More than ever.
THE DIFFICULTIES OF SECURITY DISCLOSURE

* Post author: Aaron D. Campbell
* Post date: March 6, 2017
* Categories: WordPress Security

Security is ever a game of balance. Ease of use against safety is the one I find myself thinking about most often; locks on your door inconvenience you with having to get out your keys, long and unique passwords necessitate working with a password manager, two factor requires additional equipment and steps. Most often adding security impacts ease of use in some negative way. Finding the balance here is important.

But security isn’t a single balancing act. Many of the decisions we must make require finding the right balance. Each requires thought and consideration, as well as a clear set of priorities. Especially when it comes to disclosing vulnerabilities. Every situation is going to be unique, but knowing the right questions to ask will help. The time to think through these questions is now, hopefully long before you are faced with them.

SHOULD THIS VULNERABILITY BE DISCLOSED?

Yes.

Disclosing the vulnerability is best for your users. It builds trust. It’s also the best thing you can do for the future of security. Hopefully other people can learn from your issue and not have to face the same one themselves.

“But, it’ll make us look bad!” You’ll look worse if someone else discloses it and you were hiding it. No security is perfect. Every company I’ve talked to that has owned up to a security issue has ultimately seen increased trust from their users.

“But it’s fixed now and no one was affected.” That’s fantastic! Well done! You should let people know how well you handled it.

“But if we make it public, people will try to exploit it!” Now we’re getting somewhere. This shouldn’t be a question of if, but of when. And deciding when to disclose can be tough.

WHEN SHOULD WE DISCLOSE?

Who would have thought a four-word question could be so complex and hard to answer? There is so much to consider. How do you balance what’s best for your users and your own reputation (spoiler: What’s best for your users is best for you)? To figure this one out, you’ll need to answer a couple of additional questions.

HOW SERIOUS IS THE VULNERABILITY?

Objectively rating the severity of an issue can be tough, but considering these three things will help:

* Discoverability – How likely is it someone could discover this and begin to exploit it?
* Exploitability – Is this easy to exploit? Can attackers script it? Does it require authentication or social engineering?
* Reach – How many are affected by this?

HOW CAN WE BEST PROTECT OUR USERS?

It might be that you can protect your users by giving them time to update to a secure version before disclosing. The worst thing about disclosing is that you cannot disclose only to the “good actors”. When you put the information out there, it’s available to the well-meaning as well as those with more nefarious intentions. While waiting can give users time to upgrade, remember that if the issue is discovered and exploited before your users know about it, you have ultimately put them at a disadvantage.

HOW DETAILED SHOULD THE DISCLOSURE BE?

Yet another balance to be found. This one is between informing your users and giving instructions to the potential exploiters. Make sure to include enough information for your users.

* Help them understand how severe the issue is. Hiding the severity doesn’t help them.
* Let them know what risk they face.
* Give them steps to follow to protect themselves.

This is not a how-to. Do not include enough information for people to be able to easily exploit. Make them figure that out on their own.

WHAT DID I DO WRONG?

Ask yourself this last question after everything has settled. Maybe a week or two after the actual disclosure, sit down and assess how it went. Revel in the successes, but admit the mistakes. Use them to tweak your processes for next time.

CASE FOR THE REST API ENDPOINTS

* Post author: Aaron D. Campbell
* Post date: September 17, 2016
* Categories: WordPress

THE OPEN WEB AND A HISTORY LESSON

For this to make sense, you first need to understand how I view the web right now. The internet has become a foundation that a huge percentage of humankind rely on. I think that our future is as dependent on technology, the internet being a key piece of that, as our recent past has been dependent on scientific foundations. I truly believe that the future of all people will be better if this key piece of our technological foundation is freely available to all, able to be used for any purpose, and not controlled or excessively influenced by any particular person or group.

I gave a short talk recently in Phoenix, where I said this very thing, and it came with a small history lesson that bears repeating.

Robert Hooke was a scientist in the late 17th century. Many of you might vaguely remember his name from your junior high science class. He’s the guy that looked at cork under a microscope and discovered that plants, and much more, are made up of cells.

Isaac Newton is a name you probably remember better. We all picture an apple when we think of him, right? Something about gravity? The truth is that Isaac Newton gave us a lot. He invented calculus, discovered many things about light including that white light is made up of many other colors of light, and in his Principia he gave us laws about gravity and motion.
In a letter from Newton to Hooke in 1675, Newton famously said:

> If I have seen further, it is by standing on the shoulders of
> giants.

And the best part is, we’ve been standing on the shoulders of people like these since. Much of modern medicine can be traced back to an understanding of the cell. Similarly, our world has been made smaller through things like air travel, where modern jet engine technology could not exist without calculus or the principles of force that Newton gave us. Because of this, society as a whole has been able to make consistent and rapid progress forward. People don’t have to start over. They don’t have to rediscover the cell or create calculus, and can instead pick up where others left off and move forward from there.

SO WHAT THE HECK COULD THIS POSSIBLY HAVE TO DO WITH THE REST API ENDPOINTS IN WORDPRESS?

We’ve built something that has the potential to be a tool for others to use. It’s part of the height of our proverbial shoulders. It may not have the far reaching effect that calculus has had, but it does have the chance to do things that we can’t currently imagine. Newton probably didn’t imagine the Boeing 777 either.

If we don’t offer these kinds of modern tools, built into WordPress, to allow people to build the future of the Internet, then we risk them using similar tools offered by closed solutions from Facebook to Medium.

It’s going to be a lot of work. Not just to merge, but to keep up, improve, and generally manage for the future. But it will be worth it. To push forward the open web. To help make sure that people can pick up where we left off and keep making progress.

JOINING GODADDY AS A FULL-TIME WORDPRESS CORE CONTRIBUTOR

* Post author: Aaron D. Campbell
* Post date: September 2, 2016
* Categories: WordPress
Today is my last day at iThemes. It’s been a great two years, and I’ve learned a lot. I’m very appreciative of my time here and I will absolutely miss all the people. If you haven’t checked out iThemes or had the chance to meet Cory, Matt, or any of their amazing team, you definitely should.

SO, WHAT NOW?

Well, the title here kind of gives it away. I’m excited to say that I’m officially joining GoDaddy as a full-time WordPress Core contributor. I start there on September 6th, and am excited to help push WordPress forward with the full support of a company like GoDaddy behind me.

BUT WHY?

I honestly can’t remember when I first started using WordPress. I think it was sometime in 2004, because it was before Kubrick became the default theme. And it was certainly before we had things like WYSIWYG editing, which came along in late 2005 with the WordPress 2.0 release. But while I can’t remember exactly when I started using WordPress, I remember very clearly when I started _contributing_ to WordPress. It was June 12, 2007. That was the day that I opened my first ever bug report for WordPress, uploaded my first ever patch, and had my first bit of code put into the WordPress codebase. Yep, it all happened on one day!

The feeling that I got from that was amazing. I loved that I’d just made a small impact on a group of people, most of whom I didn’t even know. I started to slowly ramp up my involvement in the project. I contributed more and more, and got involved enough to really get to know the people. By 2009 I was traveling to WordPress events, and by 2011 I was speaking at them regularly.

I’ve become very passionate about the WordPress project and the community that has built up around it. For a long time I’ve wanted to do more; to contribute more often and to take a more involved role in pushing the project forward. So when GoDaddy talked to me about bringing me on as a full-time WordPress core contributor, I was excited.

WHAT DOES THAT MEAN?

Basically, I’m going to be working to make WordPress better and GoDaddy is going to pay for it!* There are a lot of massive benefits to this, including being able to have very consistent reliable time that can be counted on by release leads, being able to reliably take on projects that span releases, and being able to work on some of the less fun areas that are generally more neglected by volunteer efforts. I think that this kind of dedicated support from companies whose businesses are heavily invested in WordPress is extremely healthy for the project as a whole, and I’m ecstatic to get the chance to do this.

* For those that don’t have experience with open source software development, or don’t understand the pervasiveness of WordPress, this is going to be confusing. You’ll have to ask me to explain it all over coffee some time.

MIGRATING FROM MANDRILL TO SENDGRID

* Post author: Aaron D. Campbell
* Post date: April 27, 2016
* Categories: Web Development

Recently The Rocket Science Group, the company behind both Mandrill and MailChimp, decided to change things up. They decided to roll Mandrill, their transactional E-Mail service, into MailChimp as a paid addon available to paid MailChimp accounts only. A lot of people freaked out or got really upset, most of them focusing on the fact that many people who were using Mandrill for free, or close to it, were going to have to start paying at least $40 per month. That’s $20 per month for a MailChimp account, which they might not even have a use for, and $20 per month for the lowest tier of the Mandrill transactional email addon. I was upset too. Not because of the additional cost, but because of the way Mandrill users were treated.
An email went out to all Mandrill users on February 24th, mandating that all existing users needed to have a paid MailChimp account set up and connected to Mandrill by April 27th. That gave nine weeks. Nine weeks isn’t a lot of time, and Rocket Science knew this. Is it enough time to set up a MailChimp account, link it to your Mandrill account, and pay them the extra money every month? Yes. Was it enough time to research an alternative, set up an account elsewhere, rewrite all your transactional email code to use a new API, train users to use a new interface at this new solution, test all the new code, and deploy? Not really. At least not in many cases. However, that’s exactly what I did. Not because I was upset at the extra monthly cost, but because I didn’t like being treated like that.

I started with some simple research to find alternatives. As it turned out, plenty of other people were doing the same research and posting their findings, which greatly simplified the process. What I found is that since my usage was pretty straightforward, almost any of the available alternatives would work for me. I ended up choosing SendGrid.

The actual development wasn’t particularly interesting. The APIs are different, as you would expect, so all the code needed to be changed but was ultimately similar enough to be pretty simple. One of our hangups came with tags. In Mandrill we used tags to label various kinds of E-Mails, what server the E-Mail was triggered from, etc. We use those to help us track where deliverability issues occur, as well as to help us track down bugs when they happen. The problem was that SendGrid didn’t have these. Luckily, SendGrid DOES have what they call “Unique Arguments”. Basically, they let us do the same thing, adding in our own unique key/value pairs, with the only downside being that their web app doesn’t give you much in the way of working with those (like viewing all bounces with a specific value for one of the arguments).

And that seems to be the only real downside so far. The web app for SendGrid doesn’t seem to be quite as powerful or fully functional as the one Mandrill has. Having said that, delivery, responsiveness, speed, etc all seem completely on par. I’ll happily give up the zoomy UI though, if they’ll treat their customers with a little more respect.