Browsed by
Category: CSP

10 ways to increase the security of your WordPress application


When someone mentions WordPress, you will often hear people saying “don’t use it, it’s insecure”. In a sense, those people are right – there is no such thing as a “silver bullet” in security. There are a few ways developers can fend off attacks concerning WordPress though – let’s dive into them.

1. Fundamentals

The very first thing you should do is use HTTPS instead of HTTP. Now I get that a blog isn’t a bank and your readers could…


Your website needs a CSP. Here’s why


Here’s a scenario: You create a website and make it available online. Your website ends up getting hacked (it happens frequently, by the way). The nefarious party is able to inject some malicious JavaScript into one of your pages. A legitimate user visits your website and is redirected to a phishing page as a result of the work done by an attacker. The user attempts to log into the page thinking it’s your website and ends up getting all of…


Your website has assets – You need SRI


All websites have something worth protecting. Those valuable things are frequently loaded from a CDN (Content Delivery Network), which is a distributed network of data centers that deliver assets based on the geographic location of the user. Using a Content Delivery Network to deliver content on your website has its perks. The main advantage of using a CDN is improved performance – speed matters because if your website is slow, it could frustrate your users, sending them elsewhere.

Content Delivery Networks – The…


The path to a custom Firewall and a Content Security Policy on a Blog


A few years ago I found myself looking for a firewall. I looked at various options from various security companies, but couldn’t find what I was looking for – the firewalls at the time were either too expensive or lacked some of the features I required. As I kept thinking about this, I decided I’m not buying one and so, in 2014, I ended up building a custom WAF.

What is a WAF?

A WAF is short for Web Application Firewall. The primary…
