Archive for the ‘security’ Category

It can be surprising how easy it is to overlook security issues in software design. WordPress for example, after all the versions, still displays login error information that can be informative for a potential hacker. Rather than displaying a generic login error message, WordPress admin specifically displays whether a ‘username’ was entered wrong or a [...]

With WordPress installations on the rise, security threats are a common concern for users. Below is a small collection of WordPress plugins that I found adequate for use on most WordPress installations to keep security in check. As always, security is not 100% achievable, but the following plugins will help you find any loopholes in [...]

There is some confusion among users regarding the new HTML5 keygen element. The keygen element generates a public/private key pair and then creates a certificate request. Many users want to know the exact use of the element when SSL is available. This is my take on the subject. Correct me if I’m wrong. <form action="process.cgi" [...]

Today, a couple of hours back, my site got compromised. Not many changes to the code, but the .htaccess was changed and some code like the below was added to the .htaccess file, which redirected the traffic coming from search engines to a malware site.

Most web security glitches are caused by insufficient input filtering and validation. Despite a large number of validation libraries being available, input sanitization is usually skipped due to sheer laziness or the idea that your site is somehow immune to bad input data. Inspekt is one such library that has a small footprint and is [...]

One of the main reasons passwords get hacked is that users choose weak passwords. Motivation is one of the key driving forces when doing something, which also applies when choosing good passwords. Unless their account login has been hacked before, users have little motivation whatsoever for creating good passwords. (The average user overestimates [...]

Lately I’ve been a little paranoid about posting details about myself on the social web, especially Facebook. In fact I’ve completely gone off it (never been a fan of it from the first). I’m surprised by the amount of personal information people post on the social web. One of my concerns is related to the [...]

One of the popular ways to hide your email on a web page from spam bots is to display the email as an image or to use the ‘[at]’ word instead of the ‘@’ sign. The code given here is yet another way to fight spam. The function below will let you encode email [...]

During a recent project, the client requested that uploaded files be encrypted for security reasons. As I already had the upload code ready and tested, I just needed to add some extra encryption capability to the code. As I’d earlier encountered Zend’s wonderful Zend_Filter class, I decided to go with it and use the Zend_Filter_Encrypt [...]