WordPress

General WordPress Articles & Videos Tutorials

In 2020, WordPress powers over 35% of the top 100 million websites. It's Open Source and available to anyone for free, and it's one of the most talked about software projects in the world. On this site Tim covers WordPress concepts, tutorials and videos focusing on more niche aspects of running a WordPress site, be it in a large enterprise environment or a small vanity site.

Let me decide where I put my secrets

WordPress

Many plugins call on 3rd party services. When they do, those services often provide some form of credentials, and 9 times out of 10 those credentials get stored in the wp_options table. Except I don't want my security credentials in my database. Where you store your secrets can be a deeply personal thing.

A common way to load credentials in a plugin is something along the lines of:

$api_key = get_option( 'mysecretkey' );
define( 'SECRETKEY', $api_key );

If you are going to do that, then try this instead:

if ( ! defined( 'SECRETKEY' ) ) {
    // Only fall back to the database when the site owner has not defined the key.
    $api_key = get_option( 'mysecretkey' );
    define( 'SECRETKEY', $api_key );
}

Checking whether the constant is already defined before pulling the key from the database lets me set the API key in wp-config.php and keep it out of my database.

If you develop plugins that make use of third party services and store API keys, then give your users the flexibility to store the keys where they want.
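One way a plugin could apply this, written as an added example rather than code from the original post or from any real plugin. It goes one step beyond the snippet above by also checking an environment variable and by reporting which source supplied the key; the names MYPLUGIN_API_KEY, myplugin_api_key and myplugin_get_secret() are hypothetical, and the get_option() stand-in exists only so the file runs outside WordPress.

```php
<?php
// Added example: MYPLUGIN_API_KEY, myplugin_api_key and myplugin_get_secret()
// are hypothetical names, not taken from any real plugin.

// Stand-in for WordPress's get_option() so this file also runs with plain
// `php`; inside WordPress the real function is used. Data is constructed.
if ( ! function_exists( 'get_option' ) ) {
    function get_option( $name, $default = false ) {
        $fake_db = array( 'myplugin_api_key' => 'key-from-database' );
        return array_key_exists( $name, $fake_db ) ? $fake_db[ $name ] : $default;
    }
}

/**
 * Resolve a secret without ever copying the database value into a constant.
 * Returns array( $value, $source ); $source lets a settings screen hide its
 * input field and skip saving when the key is managed outside the database.
 */
function myplugin_get_secret( $constant, $env_var, $option ) {
    // 1. Constant set by the site owner in wp-config.php.
    if ( defined( $constant ) && '' !== (string) constant( $constant ) ) {
        return array( (string) constant( $constant ), 'constant' );
    }
    // 2. Environment variable (assumption: the host exposes one to PHP).
    $env = getenv( $env_var );
    if ( false !== $env && '' !== $env ) {
        return array( $env, 'env' );
    }
    // 3. Fall back to the options table only when nothing else is configured.
    $stored = get_option( $option, '' );
    if ( is_string( $stored ) && '' !== $stored ) {
        return array( $stored, 'option' );
    }
    return array( null, 'missing' );
}

// Demo: report only the source, never the secret itself.
$args = array( 'MYPLUGIN_API_KEY', 'MYPLUGIN_API_KEY', 'myplugin_api_key' );
list( , $source ) = myplugin_get_secret( ...$args );
echo "before wp-config define: {$source}\n";

define( 'MYPLUGIN_API_KEY', 'key-from-wp-config' ); // as wp-config.php would
list( , $source ) = myplugin_get_secret( ...$args );
echo "after wp-config define: {$source}\n";
```

When the source is anything other than the option, the settings page can show the field as read-only and refuse to write the key to the database.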

PayPal Identity services lift off!

WordPress

It's always the way. The one event you don't go to and all the cool toys are announced. This year is the first time I didn't make it to the Innovate PayPal developer conference and they announced a huge pile of new stuff including an interesting ecommerce platform hybrid thingiemagik. However, what really interested me were […]

Split and Chained: Looking at PayPal Adaptive Payments

WordPress

PayPal recently released a whole heap of new ways to use their services. I have been lucky enough to have been part of early beta testing and, now no longer under those pesky NDAs, can spill the beans on some of the new features. The two big releases from PayPal have been Adaptive Payments and […]