Cyber UK 2017 Conference – Part 1: Security is a team sport

Earlier this month Harry and I attended the second edition of the Cyber UK conference in Liverpool, hosted by the National Cyber Security Centre (NCSC) (https://www.ncsc.gov.uk/). Across three days of talks, workshops, networking, and hacking challenges (which we won!) we heard a lot of ideas and opinions about the state of information security in the […]

Trends in WordPress plugin security

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Some WordPress Plugin vulnerabilities we’ve published recently

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]

Hello MongooseWP

We have recently launched MongooseWP – an email subscription service to alert website developers to security vulnerabilities in WordPress plugins. It’s unfortunately very common for WordPress plugins to have vulnerabilities. As part of our managed hosting service we review plugins for security issues. We’ve found that over half of the plugins we’ve tested to date contain serious security vulnerabilities. Most vulnerabilities […]

Goodbye Citrulu

3 years ago we launched a product called Citrulu. It monitored live websites to check that they were working as expected. The idea was to go one better than simple uptime monitoring (which just checks that a site successfully responds with something) by letting users describe what their site looks like when it’s working, in natural […]

Talking snakes and mongooses at #bigwp

Last night I gave a talk on plugin security at the Big Media & Enterprise WordPress London Meetup. It includes Indiana Jones (Why did it have to be snakes?!) and a cheeky plug for MongooseWP – our plugin security alerting service which will be launching soon. The talk seemed to go down well – at least […]

Keeping traffic flowing to your WordPress site after a big restructuring

Any website which is around for more than a couple of years will probably go through some kind of restructuring – perhaps as part of getting a new theme, or reorganising and refining content for clarity and usability. Often this sort of process involves changes to the URLs (“permalinks”) used to access individual posts and […]

Accountability Hack 2014 – A closer look at the data we used

Last weekend dxw entered a team into the Accountability Hack run jointly by the National Audit Office, The Office for National Statistics and Parliament. Our hack – Right to Buy-Bye ended up winning both the ONS category and the Best in Show prize. We’ve already blogged about the process of building the hack, so in […]

WordPress Security – WPLDN follow-up

A few weeks ago I did a talk on WordPress security at the WordPress London meetup (video, slides). At the end there were a couple of questions relating to our hosting platform which bear repeating and a bit of a follow-up. “Why don’t you use VaultPress?” There are a number of security plugins on the market […]