Best practices when it comes to writing plugins is a frequently asked question on the wp-hackers mailing list. Good news: Mark Jaquith, one of the WordPress core developers, has an ebook planned: Too many WordPress plugins have security issues. Solution: I'm writing a short e-book on how to write secure WordPress plugins. I'll buy.[...] → Read more

I've just noticed this (new, I guess) kind of warning on Gmail: "this account is currently being used in 1 other location at this IP" This is a welcome feature. I really wished Gmail would add more paranoid and security related notes and items like this one. I (most of us?) have most of their […][...] → Read more

This is a truly scary story : David Airey got his domain stolen because of a GMail vulnerability. Short story: it was (seems it's fixed) possible to create filters on Gmail just by visiting a link or, say, loading a hidden frame on a malicious website. Like, create a filter to forward to evilguy@evilhost.com any […][...] → Read more

I've updated the popular Click Counter Plugin, now available in version 1.02 This is a security upgrade, fixing a potential SQL injection exploit that was discovered by Dougal Campbell (many thanks to him for this notice). To be honest, I tried for half an hour to break things with various SQL injections and XSS attempts, […][...] → Read more