Article

Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd

Early in 2018, Barak Tawily published a possible DoS attack against WordPress that basically works by requesting all possible scripts from /wp-admin/load-scripts.php, a script that fetches and concatenates JavaScript files (there’s also a load-styles.php file that does the same for styles). His vulnerability report was rejected by the WordPress team, on the account…


Article

Big companies that use PHP

Every now and then there are still some people who can’t believe PHP can be used for a big, successful project, when there are actually several examples of huge sites using PHP. Here’s how some of them share their experience. Facebook: With over 1.49 billion active users, Facebook has been forced into finding creative, out-of-the-box solutions…


Web Development

Localization and internationalization of an app or site is a challenge that’s not especially hard on the technical side, but it can certainly become difficult because of social and behavioral aspects, such as our own ethnocentrism, a lack of standards, or even standards that conflict with actual use or user expectations.

The development team at Etsy identified three attributes that affected currency formatting: the currency, user location and user language. Their post on How Etsy Formats Currency shows how to correctly format currency and some of the practical decisions that are involved in the process.


Article

Using Basic Authentication with the WordPress HTTP API

Basic authentication is often used as a simple security measure or as a temporary authentication method while developing with certain APIs. While the WordPress HTTP API doesn’t have explicit support for basic authentication, it’s still possible to use it as a header: Remember that if you’re sending an unencrypted request, all the headers will be…
