Security


Be very, very careful when making changes to your .htaccess file. If you aren’t extremely comfortable with code test this on a development site thoroughly. Some of these options might break some sites and work on others, depending on your server configuration.  WordPress creates a .htaccess file during the installation process. Anything […]

.htaccess tips to securing WordPress


I was in the middle of setting up my developers blog again, and getting everything configured when I lost all connection to it.  I contacted my hosting provider and they came back and said: “It looks like you managed to trigger a mod_security rule and get yourself blocked from the server. […]

Mod Security and WordPress




I had the pleasure of spending a week trying to fix an issue with one of my sites. We have quarterly security scans on it and this last round they dinged us for not using secure and HTTPOnly cookies. Our server is using J2EE session variables. On ColdFusion 8 there […]

HTTPOnly and Secure Cookies