I recently used the built in WordPress protected visibility status in a project where information security was very important. This handy and little used feature does a great job securing content and providing user access on a basic level but has some pretty serious security holes if you hope to use it for anything more advanced. These include:
- The identification cookie is stored in the users browser insecurely
- The identification cookie is stored for 10 days without requiring the user to re-enter the password
- Only the post content is protected, any additional meta on the page will be visible to unauthenticated users
This is a quick post today. I had been struggling for a while with strict warnings popping up all over my projects since I upgraded my Vagrant box to PHP 5.4. Your initial reaction might be to fix the strict warnings, and you would be right except when you can’t.
It seems that a lot of very popular plugins and even WordPress core throw strict errors. The temptation then is to turn off WP_Debug to avoid scrolling through a long list of errors that you can’t fix anyway.
Before you do that, let me introduce you to a better way. Read more
Well… day 3 in Vegas is almost over which means there is just one more day to go. It has been a great trip, but I am very ready to come home.
We didn’t do a whole lot today, so I’ll take this opportunity to tell you about the elevators here at the hotel. Perhaps this is normal for buildings with 50+ stories, but their are 3 different groups of elevators, each servicing a different set of rooms. This is very handy for me since I’m on floor 50 and would spend hours traveling up and down in the elevator otherwise. The interesting thing about this elevator, though, is that it travels at mach speed when traveling past the levels it doesn’t service. I’ve actually had more issues with the pressure changes in the elevator than I had with the airplane.
Day 2 at Las Vegas has been a lot of fun. We started out with a walk to Circus Circus (about 20 minutes), where we had our company all-hands meeting. We discussed the staggering growth we’ve had in the past year and mapped out a strategy to continue our success in the new year. I found this to be very inspiring and look forward to the coming months and years to see where we go. I really feel like our leadership is on the right path.
They were not quite ready for us when we first got to Circus Circus, so we were taken on a tour of some of the haunted maizes that are running in the evenings. As a somewhat sensitive individual, I was a little worried about this, but turned out to be pretty entertaining and our tour guide seemed very enthusiastic.
This is day one in Las Vegas for the 10up company conference and I am beat!
The flight went smoothly (except for the slightly larger than 3oz bottle of coffee I tried to smuggle past the TSA) and so far my first impressions of Las Vegas are slightly mixed. I have not yet been to the main strip, but the parts of the city that I’ve seen seem mostly under construction. Perhaps this impression will change as I look around some more. Altogether, though, too many blinking lights for my taste.
Workflows with Git from Tanner M
I am neither a command line wiz or a git expert, but learning a few commands in the terminal and learning the basics of Git has changed my workflow forever!
Here is the scenario that I’ve run into more times than I care to count. While working on a new feature for a project you find it necessary to submit a patch that conflicts with the files you are modifying for the new feature. What is the solution? In the past, this meant undoing all the progress on the new feature request so that nothing is accidentally deployed, writing the patch, deploying, and then try to paste in or rewrite all of the work you just undid. This is uncool and very inefficient.
Or how about this: your client requests a new feature that spans several files, but once it is completed decides that the site audience is not ready for it. Now what do you do? There are more features that need to be developed but how do you continue on without trashing the feature that is now on hold?
Let me introduce you to a better way.