TiL: what we’ve been learning this summer…

Back in June, we introduced you to our ‘Today I learned’ channel. The channel has been buzzing with activity of late, so here are a few of the latest lessons we’ve been learning. Enjoy! Let it go… Life of (Raspberry) PI Learning Japanese…     New feature in OpenSSH:   Thanks, Deliveroo!   The beauty of […]

XSS in WordPress: a tutorial

One of the most common vulnerabilities in WordPress plugins is cross site scripting – XSS for short. The basic premise of XSS is that an attacker is able to cause JavaScript to run in somebody else’s browser, while they’re on a website that the attacker shouldn’t be able to control. By the end of this, […]

Trends in WordPress plugin security

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Some WordPress Plugin vulnerabilities we’ve published recently

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]

GovSite – a flexible WordPress theme developed by dxw

We’ve found that for many of our products, we’re asked to implement very similar features again and again. We also find that many of these clients have pretty limited budgets, which makes it difficult to follow the service design manual process. User research is often the first thing that gets cut, which isn’t ideal. So, […]

Talking snakes and mongooses at #bigwp

Last night I gave a talk on plugin security at the Big Media & Enterprise WordPress London Meetup. It includes Indiana Jones (Why did it have to be snakes?!) and a cheeky plug for MongooseWP – our plugin security alerting service which will be launching soon. The talk seemed to go down well – at least […]

Burn microsites, burn

One of the banes of most web team’s lives is the proliferation of microsites. They’re everywhere! For a while, every time a new project or service started up, a new website would be just around the corner. It’s understandable that people want to get the word out, harnessing the power of digital in communicating and engaging […]