Earlier this week WPGraphQL 1.0 got released. It adds a GraphQL server to WordPress.
Tag Archives: wordpress
Chrome vs. WordPress: All Text Showing as Glyphs / Symbols 🤯
Ever since mid-December I’ve had a few reports from people who were seeing my blog – the thing you’re reading now – rendered in unreadable text. Instead of a nice serif font, they were presented with Wingdings-like symbols for all the text when visiting through Chrome on macOS. Hmm, unreadable on …
WordPress 4.2 Stored XSS
Earlier this week WordPress 4.1.3 was released. It fixed an XSS exploit discovered by a former student of mine. This week a new exploit – even in the new WordPress versions, including 4.2 – was uncovered. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. If triggered …
Migrating your WordPress website from HTTP to HTTPS
In light of #https2015 I flipped the switch on bram.us earlier today: from today on, bram.us is only accessible over HTTPS. If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of …
WordPress < 3.6.1 PHP Object Injection
WordPress 3.6.1 contains a fix for a PHP Object Injection vulnerability detected by one of my former students. He also made an extensive writeup about it: Let’s recap: maybe_serialized(‘i:1;<funkycharacterhere>’) is inserted to the database. As WordPress does not see this as a serialized string (because it doesn’t end in ; or }), this will result in i:1;. …
wp-cli — A command line interface for WordPress
wp-cli is a set of command-line tools for managing WordPress installations. You can update plugins, set up multisite installs, create posts and much more. Once installed, you can run commands such as: wp plugin install hello-dolly which will output: Installing Hello Dolly (1.5) Downloading install package from http://downloads.WordPress.org/plugin/hello-dolly.1.5.zip … Unpacking the package … Installing the …
Facebook for WordPress Plugin
Something that was long overdue: an official Facebook for WordPress Plugin which brings some basic Facebook features (such as injection of a Like Button, publishing to Facebook when publishing a post, etc.) and some new ones (such as tagging a Facebook friend straight from the WordPress “add post” screen) to WordPress. If you want to …