Great article by iThemes, who just so happens to make a security plugin for WordPress. But seriously, the seven things that the article focuses on are things I’ve tried to focus on over my years as developer with my teams and employers.
I love too that it points out that exploiting sites isn’t usually a concentrated/personal attack, but rather bots constantly sniffing the Internet for exploits, sites that haven’t been patched, have exploitable, permissions etc.
Things like using HTTPS everywhere have gotten easier over the years as well, as free domain validation level certificates have become easy to do, providing your web host offers the service via something like Let’s Encrypt.
BTW, the iThemes Security Pro plugin has been a mainstay in all our WordPress installs. While some people don’t like actually paying for plugins, you should at least use their free version to harden your WordPress sites with ease.
Source: – 7 WordPress Security Best Practices
Have I mentioned lately how much I love css-tricks.com? On top of the CSS depth that a site like CSS Tricks would come with, author Chris Coyer is knowledgeable across all things front end development.
This exploit is over a year old, but I just now came across it. Messing around with a security plugin for WordPress last week, there was a setting about combatting an exploit with target=”_blank” — something most developers use time and time again to open links to external sites in a new tab or window.
What comes around goes around, right? A lot of these animated loaders done mainly with CSS harken back to the heyday of Flash — the initial experience taking a little longer than a person’s attention span. So to give the user a cue, a looping animation was created to indicate loading of the site/resources was in progress.
