Calvin Alkan
-
New in Fortress: Redefining Reliability with Unbreakable Config Validation
This past month we’ve been busy. Not with flashy features but with rigorous under-the-hood improvements. Reliability isn’t just a phrase we sprinkle on marketing pages; it’s the essence of how we design software at Snicco. Before we wrote a single line of code for Fortress, we dedicated four months to building a robust, containerized testing…
-
FREE: Secure Your EDD Stripe Keys – Fortress Vaults & Pillars in Practice
Introduction In this guide, we’ll walk you through the process of securing your Easy Digital Downloads Stripe keys using Fortress Vaults & Pillars. By the end of this tutorial, your sensitive Stripe keys will be securely encrypted, and the risk of malicious access will be significantly reduced. We will be using the following Software versions:…
-
FREE: Secure Your Gravity Forms Stripe Keys – Fortress Vaults & Pillars in Practice
Introduction In this guide, we’ll walk you through the process of securing your Gravity Forms Stripe keys using Fortress Vaults & Pillars. By the end of this tutorial, your sensitive Stripe keys will be securely encrypted, and the risk of malicious access will be significantly reduced. We will be using the following Software versions: The…
-
Solving WordPress’s Pathological Plaintext Problem: Introducing Fortress Vaults&Pillars
We solved WordPress’s Plaintext Problems. And you can get FREE access.
-
Malware Madness 1/2: Why everything you know about your WordPress Malware Scanner is wrong
Introduction Malware scanning and removal have traditionally been focal points in the WordPress security ecosystem. Users have placed their trust in Malware Scanning plugins to keep sites secure. Yet, this post challenges a crucial assumption: The conventional method of plugin-based malware scanning in WordPress is flawed and conceptually impossible. Our research doesn’t aim to critique…
-
The state of WordPress security plugins in 2022
On May 30, 2022, we disclosed two, in our opinion, pretty serious security vulnerabilities in two popular WordPress 2FA plugins through the WPScan platform. Our initial disclosure was very detailed, and WPScan promptly assigned it a provisional CVE. Fast forward three months, there were still no fixes on the horizon, and ultimately WPScan decided to…
-
Stop the prefixing
The WordPress codex still lists the following advice to avoid naming collision on your plugin: A naming collision happens when your plugin is using the same name for a variable, function or a class as another plugin. Luckily, you can avoid naming collisions by using the methods below. WordPress Codex This might have been helpful…
-
How to safely get the IP address of the current user in a WordPress plugin
This article is based on outstanding research done in The perils of the “real” client IP. If you are creating a WordPress plugin that relies in any way or shape on getting the real IP of the current user visiting the site you need to be extremely careful. If you are getting this wrong (and…