How to Easily Create a Multilingual WordPress Site

Do you want to reach more people or customers? Why not make your website multilingual? The article that we’re sharing today will show you how to do that. Do you want to translate your WordPress site into multiple languages? Wondering where to start? In this article, we […]

Malware Cleanup to Arbitrary File Upload in Gravity Forms

During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy; it was an updated WordPress installation and had 3 out-of-date plugins, which is pretty reasonable. After running through our processes and cleaning the environment we kept coming back to a reinfection; the […]

Why Websites Get Hacked

I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, there is a common question that often comes up: Why would anyone ever hack my website? Depending on who you are, the answer to this can vary. Nonetheless, it often revolves […]

Enforce Web Policy with Hypertext Strict Transport Security (HSTS)

Hypertext Strict Transport Security (HSTS, RFC 6797) is a web security policy technology designed to help secure HTTPS web servers against downgrade attacks. HSTS is a powerful technology which is not yet widely adopted. CloudFlare aims to change this. Downgrade attacks (also known as SSL stripping attacks) are a serious threat to web applications. This […]

Fixing the “Password Field is Empty” WordPress Error in Chrome

Some users trying to access their WordPress admin panel have found that Google Chrome seemingly auto-fills their password. Hooray for technology! But once they click submit, they get a message along these lines: ERROR: The password field is empty. It’s annoying but fixable. Several months ago, StackExchange user Robbert offered three different ways to put […]

Security Advisory – WP-Slimstat 3.9.5 and lower

Advisory for: WP-Slimstat
Security Risk: Very high
Exploitation level: Remote
DREAD Score: 8/10
Vulnerability: Weak Cryptographic keys leading to SQL injections
Patched Version: 3.9.6

WP-Slimstat’s users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin’s weak “secret” key, use to perform a SQL […]

Universal SSL: Encryption all the way to the origin, for free

Last September, CloudFlare unveiled Universal SSL, enabling HTTPS support for all sites by default. All sites using CloudFlare now support strong cryptography from the browser to CloudFlare’s servers. One of the most popular requests for Universal SSL was to make it easier to encrypt the other half of the connection: from CloudFlare to the origin […]

TLS Session Resumption: Full-speed and Secure

At CloudFlare, making web sites faster and safer at scale is always a driving force for innovation. We introduced “Universal SSL” to dramatically increase the size of the encrypted web. In order for that to happen we knew we needed to efficiently handle large volumes of HTTPS traffic, and give end users the fastest possible […]