Easily fixing insecure references

One of the easiest mistakes to make when trying to convert an insecure HTTP website over to a secure HTTPS one is mixed content. Mixed content is when the site itself is loaded over HTTPS, but it contains links to content which is served over HTTP and is therefore insecure – there’s no point knowing that the page…

Sonarwhal renamed to Webhint

A little over a year ago I wrote a post about testing your website with sonarwhal, a new tool I’d heard about for testing your website for security, performance and accessibility issues. I then followed that up with a post about sonarwhal via the command line. I did promise to go through and fix all the issues…

Require SRI (Sub Resource Integrity)

I’ve written previously about both CSP (Content Security Policy) and SRI (Sub Resource Integrity), both of which are mechanisms that can be used to better secure your website. CSP allows you to set a number of directives about what types of content can be loaded by your website, and what locations they can…

Web ARX Security

I’ve written before about the Web ARX Security plugin for WordPress, which I’m a big fan of. In fact it’s even better now! Previously it was only available for WordPress, but now you can apply it to any PHP-based website, so it works with Joomla, Drupal and Magento as well. You can also configure the…