Tims musings and pontifications
Blog and Articles

Nothing is truly random
Random thoughts about wp_rand()
A deep dive into how WordPress’s wp_rand() works, what a CSPRNG is, and why some warnings about it are misplaced.

The Long Way to WordCamp Gdynia: LoopConf, WPLDN and a Lot of Coffee
Conferences, community, and the chaos of travel
Events and Talks | Security | WordPress
What started as a polite “sorry, too far” turned into a week of planes, panels and Poland. From WPLDN to LoopConf, then on to WordCamp Gdynia, it turned out getting to Poland was quicker than getting to London. Along the way I found myself talking security, debating AI, and discovering the joys (and delays) of Luton Airport.

What the ‘eck is the UK’s Cyber Security and Resilience Bill?
Is your WordPress business ready for the UK’s Cyber Security Bill? From risk assessments to vulnerability reporting, this upcoming legislation could change how developers and agencies operate. Here’s what you need to know and why it matters

Advisory: Advanced Custom Fields changes
Action maybe required for some users
Tim has published an advisory to his clients on changes to ACF and is publshing them in public.

In the world of WordPress, a little automation can go a long way?
Do you fear automatic updates?
Are WordPress Automatic updates with multistage testing, backups, and alerts more reliable than manual updates? Let’s discuss!

📢📢📢 WordPress User Security Workshop!
Live Event on August 29th 2024
Join my WordPress User Security Workshop on August 29, 2024! Learn about user account management, authentication, and monitoring. Early bird pricing available until August 8.

Still blogging like a confused hacker!
My PHP/WordPress Application Server Stack in 2024
How is this site powered? I’m pretty sure your site isn’t running this application stack for WordPress!
Featuring Caddy, PHP-FPM, Tailscale.

New Confidently Clean Hacked Site Workshop Date!
Live Workshop 16th July 2024
Tim is launching a new Confidently Clean a Hacked WordPress Website workshop on July 16th 2024. Find out all the details and why you need to be there.

When Memes Go Bad
WordPress Security Storytime
Events and Talks | Security | WordPress
Are you sitting comfortably then join me for a Scary WordPress Security story.
Follow the woes of Joe, as a meme generator take out an entire hosting company.
Would you get caught out too?

The curious case of the funny admin
Uncover the Hidden Threat
Ever had that unsettling feeling that something’s not right, but can’t put your finger on it? Discover how Tim, worked through the case of a compromised site.

Tailscale & Caddy for better admin security
We did DNS and survived
Securing a web app admin area, by combining Tailscale with MagicDNS split DNS feature, Systemd-resolved and Caddy.

Is this thing on?
Quick update from Tim
It’s been so long since I have updated people on what I am up to. So I thought it would be simpler to write a quick post. That was in March… Well maybe I should post it!