Preventing Clickjacking on WordPress Sites

WordPress already sends the X-FRAME-OPTIONS header for wp-login.php and the Admin Panels in order to prevent clickjacking, but it doesn’t send it on the front end because that could interfere with remote services that legitimately frame parts of a site. That’s only relevant for a small number of pages, though, so I’ve added a snippet to my functionality plugin skeleton […]

Continue reading...

WordPress.tv Developer Presentation Roundup

I’m one of the mentors for WordPress’ SupportPress project in this year’s Google Summer of Code, and I wanted to put together a list of WordPress.tv videos to help introduce Varun to the WordPress community and some development best practices. I figured it’d be good to save it for future reference, so I’m also posting […]

Continue reading...

PayPal Security Sucks; or, Why Two Factor Authentication is Worthless Without Strong Account Recovery Policies

Even though two-factor authentication isn’t the silver bullet many make it out to be, I’m still a big fan of it and think that it should be offered by any web service that wants to be taken seriously. It’s completely pointless, though, if the service doesn’t also have strong account recovery policies, or if their customer support […]

Continue reading...

Challenges for the WordPress Community as it Matures

Mike Jordan’s post on the WordPress community has some great insight and challenging thoughts. The truth is, however, that our community does not have these rare traits simply because its members are just that awesome. The primary reason that our community is so approachable, is that for the first several years of its life we had to […]

Continue reading...