Channel: security – Frank Goossens' blog

Zap Flash before it zaps you

Lots of 0-day exploits on Flash, supposedly due to a hacking-for-money company having been hacked. Remove/disable Flash if you value your security!




Clam AV flagging CSS as Html.Exploit.CVE_2016_0108

So I had a bit of a scare yesterday, when a couple of users posted on the Autoptimize support forum that their hoster warned them about malware in autoptimized CSS-files. ClamAV flagged those files as...


Why would you still be on PHP 5.2?

For Autoptimize 2.0.1 I declared a pretty complex regex to extract font-face’s from CSS using the nowdoc-syntax which is supported from PHP 5.3 onwards. Taking into account that the first PHP 5.2...


Warning WordPress plugin users about their old PHP

After my initial disbelief about the amount of WordPress installations still on the slow and vulnerable PHP 5.2.17 (or older), I decided to warn users of my plugin with a non-dismissable warning on...


No REST for the wicked

After the PR-beating WordPress took with the massive defacements of non-upgraded WordPress installations, it is time to revisit the point-of-view of the core-team that the REST API should be active for...



Code snippet to block author pages

So you can remove the author-pages with an author.php file in your (child) theme, but what if you don’t want to touch the theme you ask? Well, I just added this code snippet to two of the sites I...


bol.com: please don’t share my data with Facebook

NoScript remains one of my favorite browser addons (or plugins or whatever they’re called these days). Look what it just proposed to block while browsing bol.com (one of the big online retailers in BE...


Autoptimize & Trojan.Cryxos.2960: false positive

I’ve had a couple of reports of Bitdefender flagging optimized JS as infected by Trojan.Cryxos.2960. I investigated earlier today and this almost certainly is a false positive. If you want you can...



Autoptimize 2.7.7 fixes 2 security issues, please upgrade.

Autoptimize 2.7.7, which was released earlier today, has misc. improvements, but more importantly comes with 2 security fixes (one XSS, one malicious file upload, both for authenticated users), so...


Autoptimize < 2.7.7 security vulnerabilities debrief

With Autoptimize 2.7.7 released on August the 23rd and having been pushed to all sites that were still on 2.7.0-2.7.6 by the WordPress plugins team on Aug. 30th and 31st, resulting in just under one...
