A large number of WordPress sites will have been defaced as a result of a recently disclosed vulnerability in the REST API. Fortunately this did not affect sites hosted with dxw as proactive steps had already been taken to secure client sites. Two weeks ago, the WordPress security team told us and a number of […]

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]

We’ve found that for many of our products, we’re asked to implement very similar features again and again. We also find that many of these clients have pretty limited budgets, which makes it difficult to follow the service design manual process. User research is often the first thing that gets cut, which isn’t ideal. So, […]

Last night I gave a talk on plugin security at the Big Media & Enterprise WordPress London Meetup. It includes Indiana Jones (Why did it have to be snakes?!) and a cheeky plug for MongooseWP – our plugin security alerting service which will be launching soon. The talk seemed to go down well – at least […]

One of the banes of most web team’s lives is the proliferation of microsites. They’re everywhere! For a while, every time a new project or service started up, a new website would be just around the corner. It’s understandable that people want to get the word out, harnessing the power of digital in communicating and engaging […]