HSTS preloading (again)

It was recently pointed out to me that HSTS preloading doesn’t work on my website, and upon further investigation, there were two reasons for that. Firstly, despite setting up HSTS preloading on my website when it was at https://www.rik.onl and writing a pretty detailed blog post about it, I neglected to re-do this when I moved…

Better Security Pro is coming

Earlier this year I released two new security plugins to the WordPress plugin library: Better Passwords and Better Headers. I then followed that up a couple of months later with an announcement of a third plugin: Better Detection. These are all available for free from the WordPress plugin library. Today I am announcing that since then…

Checking for insecure references

Insecure content is one of those things that can be tricky to find, even though it’s easy to work around. Let’s start by being clear about what we’re talking about. Insecure content is when your website itself is using HTTPS (the address starts with https://) but some of the content links (e.g. images, JavaScript, stylesheets, etc.)…

Cloudflare Server-Side Excludes

Cloudflare has a great little piece of functionality called “Server-Side Excludes”, tucked away on the “Scrape Shield” tab.  The idea is that if you have some information that you’d rather not have a suspicious person (or bot!) seeing, but you don’t want to hide the page from them completely, you can just hide the specific…

Easily fixing insecure references

One of the easiest mistakes to make when trying to convert an insecure HTTP website over to a secure HTTPS one is mixed content. Mixed content is when the site itself is loaded over HTTPS, but it contains links to content which are HTTP and therefore insecure – there’s no point knowing that the page…

Sonarwhal renamed to Webhint

A little over a year ago I wrote a post about testing your website with sonarwhal, a new tool I’d heard about for testing your website for security, performance and accessibility issues. I then followed that up with a post about sonarwhal via the command line. I did promise to go through and fix all the issues…