• Disabling WordPress public REST API

    I've recently found that the public WP REST API endpoints within WordPress can provide information which can be used in 'hacking' attempts. One such endpoint is '/wp-json/wp/v2/users' (e.g. https://yourdomain.com/wp-json/wp/v2/users); this will display admin usernames to any unauthenticated user. There are a couple of ways to mitigate this risk: install the Disable REST API or add...
  • Notifying Google of an XML sitemap via a URL

    Today I found out you can easily notify Google of an XML sitemap by ‘pinging’ Google via a GET request: http://www.google.com/webmasters/sitemaps/ping?sitemap=URLOFSITEMAP.xml. You can perform this via PHP or, if running on Linux, use wget.
  • Quick and Easy SSL ciphers

    I recently came across the https://cipherli.st/ site, from the cron.weekly email newsletter (I highly suggest you sign up; some great posts and sites featured). Cipherli.st allows you to copy and paste SSL ciphers for a variety of web software (Apache, Nginx, etc.).
  • In-page embedded viewable PDF documents without a PDF reader

    Here is a neat trick which I’ve found: using a tool by Google named Docs Viewer you can embed PDF (or Office and PostScript) files into a webpage to be viewed on screen, even without a PDF reader plugin installed in the user’s browser. Simply use the snippet below and change where your_document_here is mentioned twice ...