Upgrading our WordPress sites to 5.0

WordPress 5.0 was released on 6 December. It contains a lot of significant changes, but the biggest one is a new editor interface, called “Gutenberg”. You can find out more about Gutenberg here, but it is essentially part of a wider project to make WordPress less of a blog platform and more of a “page […]

TiL: what we’ve been learning this summer…

Back in June, we introduced you to our ‘Today I learned’ channel. The channel has been buzzing with activity of late, so here are a few of the latest lessons we’ve been learning. Enjoy! Let it go… Life of (Raspberry) Pi… Learning Japanese… New feature in OpenSSH… Thanks, Deliveroo! The beauty of […]

XSS in WordPress: a tutorial

One of the most common vulnerabilities in WordPress plugins is cross-site scripting – XSS for short. The basic premise of XSS is that an attacker is able to cause JavaScript to run in somebody else’s browser, while they’re on a website that the attacker shouldn’t be able to control. By the end of this, […]

Trends in WordPress plugin security

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Some WordPress plugin vulnerabilities we’ve published recently

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]

GovSite – a flexible WordPress theme developed by dxw

We’ve found that for many of our products, we’re asked to implement very similar features again and again. We also find that many of these clients have pretty limited budgets, which makes it difficult to follow the service design manual process. User research is often the first thing that gets cut, which isn’t ideal. So, […]

Talking snakes and mongooses at #bigwp

Last night I gave a talk on plugin security at the Big Media & Enterprise WordPress London Meetup. It includes Indiana Jones (Why did it have to be snakes?!) and a cheeky plug for MongooseWP – our plugin security alerting service which will be launching soon. The talk seemed to go down well – at least […]