Blog and Articles

A deep dive into how WordPress’s wp_rand() works, what a CSPRNG is, and why some warnings about it are misplaced.

What started as a polite “sorry, too far” turned into a week of planes, panels and Poland. From WPLDN to LoopConf, then on to WordCamp Gdynia, it turned out getting to Poland was quicker than getting to London. Along the way I found myself talking security, debating AI, and discovering the joys (and delays) of Luton Airport.

Is your WordPress business ready for the UK’s Cyber Security Bill? From risk assessments to vulnerability reporting, this upcoming legislation could change how developers and agencies operate. Here’s what you need to know and why it matters

Tim has published an advisory to his clients on changes to ACF and is publshing them in public.

Are WordPress Automatic updates with multistage testing, backups, and alerts more reliable than manual updates? Let’s discuss!

Join my WordPress User Security Workshop on August 29, 2024! Learn about user account management, authentication, and monitoring. Early bird pricing available until August 8.

How is this site powered? I’m pretty sure your site isn’t running this application stack for WordPress!
Featuring Caddy, PHP-FPM, Tailscale.

Tim is launching a new Confidently Clean a Hacked WordPress Website workshop on July 16th 2024. Find out all the details and why you need to be there.

Are you sitting comfortably then join me for a Scary WordPress Security story.
Follow the woes of Joe, as a meme generator take out an entire hosting company.
Would you get caught out too?

Ever had that unsettling feeling that something’s not right, but can’t put your finger on it? Discover how Tim, worked through the case of a compromised site.

Securing a web app admin area, by combining Tailscale with MagicDNS split DNS feature, Systemd-resolved and Caddy.

It’s been so long since I have updated people on what I am up to. So I thought it would be simpler to write a quick post. That was in March… Well maybe I should post it!