Posted on March 30, 2020Categories Security, WordPressTags , , , ,   Leave a comment on Hate Spam? Turn Off Jetpack Email Sharing

Hate Spam? Turn Off Jetpack Email Sharing

The past few days have been spent diagnosing various email delivery issues from the AWS web cluster that is running our WordPress plugin store as well as our SaaS locator platform. During this process email routing was pushed from the servers through the AWS Simple Email System. SNS notifications were enabled to monitor the progress and provide some insight as to what was happening on the send mail side of things. Not far into the mission something odd was showing … Continue reading “Hate Spam? Turn Off Jetpack Email Sharing”

Posted on December 11, 2019Categories AWS, PHP, Security, Technology, WordPressTags , , , , , ,   Leave a comment on AWS LEMP Stacks and EFS Issues

AWS LEMP Stacks and EFS Issues

Lesson learned — if you are using EFS on production systems you want to be using provisioned throughput mode. But, before we get into that, let’s go over the details of this implementation… Service Configuration We utilize AWS EC2 instances to run multiple WordPress sites hosted in different directories. The configuration is fairly standard: 2+ servers configured as part of an load-balanced cluster. The servers run from the same image meaning they use the same underlying software stack. Part of … Continue reading “AWS LEMP Stacks and EFS Issues”

Posted on December 18, 2018Categories Security, Security, Technology, WordPressTags , , ,   Leave a comment on WordPress Continues To Break Things In The Name Of Security

WordPress Continues To Break Things In The Name Of Security

In what has become a nearly annual tradition, WordPress has released yet another update that broke thousands of plugins across the Internet.    As usual, they claim this is in the best interest of security.  Thus the breaking change was done with ZERO notification to developers.   It was also forced onto most sites as a “security patch release” which will update any site that does not forcibly stop automatic updates. Communication From WordPress Core Is Horrid While I don’t have … Continue reading “WordPress Continues To Break Things In The Name Of Security”

Posted on March 24, 2016Categories Plugin Development, Security, WordPressTags , , , ,   Leave a comment on Adding WordPress REST API Security To Basic CRUD Operations

Adding WordPress REST API Security To Basic CRUD Operations

Work has been underway adding REST API functionality to the Store Locator Plus plugin.   Most people are familiar with the basic concept of using REST to fetch data from a remote server.   We use this every day when surfing the web using the basic premise of an HTTP GET protocol.   In short this is the simplest form of a REST “read” operation.   Go here, get this thing and show it to me. REST APIs get more exciting when … Continue reading “Adding WordPress REST API Security To Basic CRUD Operations”

Posted on September 18, 2015Categories Security, WordPress   Leave a comment on WordPress Malware – Active VisitorTracker Campaign – Sucuri Blog

WordPress Malware – Active VisitorTracker Campaign – Sucuri Blog

If you are running your web presence on WordPress you will want to know about this. The method used to get the JavaScript code onto your site and redirect to a malware installer is not yet know. The fingerprints, however, are easily detectable. Share this article with your site or system admin so they can scan your WordPress install and remove the malware if necessary. WordPress Malware – Active VisitorTracker Campaign – Sucuri Blog We are seeing a large number … Continue reading “WordPress Malware – Active VisitorTracker Campaign – Sucuri Blog”