Resources

WordPress, security, performance, and hosting notes. Written for people who actually do stuff.

Roles and Capabilities in WordPress

Content Security Policy (CSP)

Essential Protocols for Website Security

Did You Know? All Subdomains Are Public If You Have an SSL Certificate!

Tip for uploading your database via via PHP myadmin that will save you time

Is Moving wp-config.php Outside the Web Root Really Necessary?

Advantages of Having Correct File Permissions in WordPress

Adding an extra layer of protection to your WP admin

What is the Secure Flag for Cookies in WordPress?

What is the Strict-Transport-Security Header?

What is the X-Content-Type-Options Header?

What is Content Security Policy and why is it so difficult?