SVG uploads in WordPress (the Inconvenient Truth)

Enabling uploads of SVG files in WordPress is quite easy, and there is a tonne of posts on the Interwebs explaining how you do it. Usually along the lines of:

And that’s pretty much it. Except it is not.

Read More SVG uploads in WordPress (the Inconvenient Truth)

HTTP Public Key Pinning (HPKP)

Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, […]

Read More HTTP Public Key Pinning (HPKP)

Securing Nginx with HTTPS

Adding a certificate and using the HTTPS protocol is a good improvement to the security in the communication between the browser and the server, and should be in place on all sites that have a user login. Contrary to what many (older) guides say, it doesn’t add much load on your server and is fairy […]

Read More Securing Nginx with HTTPS