A Clever Spam Delivery Mechanism

This week a client forwarded me a spam email he received that I thought was interesting. It is reproduced below, with sensitive information and spam links redacted out:

A Payload Dump from a Malfunctioning Wordpress Spam Bot

I stumbled onto this comment in a client’s Wordpress database, and thought it was interesting. It looks like a spam bot malfunctioned and output all of (or at least, a large portion of) its comments. They are reproduced below:

Video: Deploying Wordpress on Multiple Load-Balanced Servers on Amazon EC2

I gave this brief talk about deploying a high-traffic Wordpress site on EC2 in Fall 2011 at the Gainesville Hackerspace. The content discussed here can be considered a follow-up to my post on solving a file-synchronization issue when deploying Wordpress across multiple servers on EC2.

Introducing Foresight - A Wordpress Security Plugin

I recently published a new plugin to the Wordpress.org Plugins Directory. I call it Foresight. It is available for download here:

http://wordpress.org/extend/plugins/foresight/

Foresight is a simple plugin that serves a simple purpose: it helps blog administrators to stay current on known exploits for Wordpress and for Wordpress plugins.

Wordpress: Format wp_head() Output as HTML 4.01 Transitional

While I’m no longer as much of a purist as I used to be, whenever I’m tasked with writing HTML, I usually go to great lengths to make sure that it is valid. For academic reasons beyond the scope of this artcle, my preferred DOCTYPE is still HTML 4.01 Transitional, and I almost always code - and validate my code - to that standard.

Having been doing a lot of Wordpress work recently, however, I’ve discovered an annoying Wordpress quirk that can make it difficult to produce valid HTML 4.01 Transitional code: the wp_head() method outputs markup formatted for XHTML, and thus, its output will register as invalid when validated against the HTML 4.01 Transitional DOCTYPE.