I have a wordpress site (lets call it site1) and another site with oauth2 (site2). When a new user is created, a record is created in both site1 and site2 databases with the same email as username, the typed password hashed in site2 database and a dummy (e.g. “pass”) password for site1 database. Then login … Read more
I’m using a security plugin that keep sending me emails: “A lockdown event has occurred due to too many failed login attempts or invalid username: Username: Admin IP Address: 195.154.243.31 IP Range: 195.154.243.* Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.” I tried to … Read more
I am developing plugin for WordPress. Firstly I started using Settings API it looks good, but it is little bit complex and it doesn’t provide the way to handle options manually. I have quite complex options structure, it consists dynamic number of items/object each object has multiple fields, and I need to save array of … Read more
Recently we’ve notice allot of brute force attacks on our website. To make things more secure we decided to limit the access to the wp-login url to only a few , trusted IP addresses. <Files wp-login.php> order deny,allow Deny from all allow from {IP-ADDRESS} </Files> This works, and only allowed IPs are able to access … Read more
I get following messages: Applicaiton password plugin Cookie nonce is invalid iThemes Security A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again. …when I try to save settings in network (subdirectory multisite) admin. But I don’t get this messages if I use the settings … Read more
In the context of security frameworks, a few terms commonly occur subject, user and principal, of which I have not been able to find a clear definition and the difference between them. So, what exactly do these terms mean, and why are these distinctions of subject and principal needed? 7 Answers 7
I’m looking for a way to add policy about POST password. Password specifications : 12 characters in length, 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character. Is there a hook to add on function.php to do it? This question is about password protected posts and not USER password. 1 Answer 1 … Read more
Which is better to do client side or server side validation? In our situation we are using jQuery and MVC. JSON data to pass between our View and Controller. A lot of the validation I do is validating data as users enter it. For example I use the the keypress event to prevent letters in … Read more
This question already has answers here: In Which Contexts are Plugins Responsible for Data Validation/Sanitization? (2 answers) Sanitize and data validation with apply_filters() function (1 answer) Closed 3 years ago. I am developing a custom plugin on WordPress for a client. Just a simple question: when I am using update_post_meta() and update_user_meta(), do I need … Read more
I have tested my website at https://observatory.mozilla.org/ and I receive the following two errors: Content Security Policy -25 Content Security Policy (CSP) header not implemented Subresource Integrity -5 Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS I’ve been trying to fix it all morning, but there’s no way to do … Read more
