Security Updates


Hey everyone; today we need to tackle a serious topic – security.

Anyone who follows my Twitter account will have seen this tweet:

Well, I did keep an eye on them – they didn’t stop. It’s not clear if this is an individual, group or an unattended bot. Either way, they’re making 2 login attempts, waiting random amounts of time, then trying 2 more times from a new internet address, making them very difficult to track.

Very difficult, but not impossible. Nevertheless, this is a security risk, so I’ve taken steps to “button-up” my website from now onward, including but not limited to:

1. Integrations

Integrations with external sites such as WooCommerce have been removed, leaving only the Gravatar service and an anti-spam service integrated with my website.

2. Adjustments to plans

Original plans were to use the WooCommerce platform to sell my own goods, both physical and digital. However, due to the sensitive information involved and the ongoing security risk I’ve decided to sell my physical goods via eBay instead. I’m still considering the future of digital goods.

3. Rate limiting

I’ve reconfigured the rate limiting measures both on my website itself and on my server to be more aggressive. For example, if you fail to log in too many times you’ll now be blacklisted for 12 hours as opposed to one.
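An added example, not the blog's own code, showing the two views of failed logins this post contrasts: the per-IP lockout of step 3 with its 12-hour duration, and a per-account aggregation across source addresses that surfaces the "2 attempts, pause, 2 more from a new address" pattern described above, which a per-IP threshold alone never reaches. The log format, thresholds and IP addresses are all constructed for the example.

```python
# Added example, not the blog's own code: failed-login tracking in two views.
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILS = 5                        # per-IP threshold (assumed value)
LOCKOUT = timedelta(hours=12)        # blacklist duration from the post
ACCOUNT_WINDOW = timedelta(hours=6)  # assumed window for the per-account view
ACCOUNT_THRESHOLD = 6                # assumed: cross-IP failures that warrant a look

# Constructed sample failures, "<ISO timestamp> <source ip> <username>",
# mimicking the pattern in the post: 2 tries, a pause, 2 more from a new address.
SAMPLE_LOG = """\
2023-01-01T10:00:00 203.0.113.5 admin
2023-01-01T10:00:07 203.0.113.5 admin
2023-01-01T10:23:41 198.51.100.17 admin
2023-01-01T10:23:49 198.51.100.17 admin
2023-01-01T11:02:13 192.0.2.200 admin
2023-01-01T11:02:20 192.0.2.200 admin
2023-01-01T11:40:55 203.0.113.77 alice
"""

def parse(log):
    """Return (timestamp, ip, user) tuples from the constructed log format."""
    return [(datetime.fromisoformat(t), ip, u)
            for t, ip, u in (line.split() for line in log.splitlines())]

def ip_lockouts(rows, max_fails=MAX_FAILS, lockout=LOCKOUT):
    """Per-IP view: {ip: lockout_expiry} for addresses that reached max_fails."""
    fails, locked = defaultdict(int), {}
    for ts, ip, _ in rows:
        if ts < locked.get(ip, ts):  # attempt during an active lockout is dropped
            continue
        fails[ip] += 1
        if fails[ip] >= max_fails:
            locked[ip], fails[ip] = ts + lockout, 0
    return locked

def distributed_targets(rows, window=ACCOUNT_WINDOW, threshold=ACCOUNT_THRESHOLD):
    """Per-account view: {user: sorted source IPs} where one account collects
    >= threshold failures from more than one IP inside a sliding window."""
    by_user = defaultdict(list)
    for ts, ip, user in sorted(rows):
        by_user[user].append((ts, ip))
    flagged = {}
    for user, events in by_user.items():
        for i, (start, _) in enumerate(events):
            recent = [ip for ts, ip in events[i:] if ts - start <= window]
            if len(recent) >= threshold and len(set(recent)) > 1:
                flagged[user] = sorted(set(recent))
                break
    return flagged
```

On the sample, no single address ever reaches the per-IP threshold, so `ip_lockouts` stays empty while `distributed_targets` flags the `admin` account with all three source addresses.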

4. The RPC API has been blocked

The RPC API has now been blocked because it is generally seen as a potential liability. See here or here for reference.

5. Privacy Policy

To reflect all of the changes made, I’ve updated my Privacy Policy. Please ensure you read and understand the new privacy policy before you continue using my website.

6. Key rotation

Security features like remote command keys, cookie salts & nonces, passwords and more have been rotated as a precautionary measure – meaning any previously logged-in users will be forced to log in again, even if “remember me” was selected.

I apologise for the inconvenience this will cause some users. However, I ask that you bear with me as security is my priority here. Please stay tuned for my updated plans as they develop. See you next time!
