Author Archives: Jon Cave

Trac Cookie Revocation

Last week there was some spam posted to the WordPress core bug tracker. The accounts involved can easily have their access to WordPress.org blocked and their passwords changed to invalidate the cookies used to access the WordPress.org forums. This also … Continue reading

Posted in Code | 1 Comment

One year in core

A year ago today was the first time that one of my patches was accepted into WordPress core. Just a few days after submitting my first patch and opening my first ticket. In the past twelve months I have submitted … Continue reading

Posted in WordPress | 5 Comments

Announcing Exploit Scanner 1.0

With the launch of WordPress 3.1 — actually slightly delayed by bug hunting — I am pushing Exploit Scanner version 1.0. Summary of main changes: diffs of modified core WordPress files; file hashes for WordPress 3.1; updated malicious pattern signatures … Continue reading

Posted in Security, WordPress | 3 Comments

Road to WordPress 3.1

WordPress 3.1 is finally here! Of the new features that arrived today, a few of my favourites are: internal linking; improved WXR import/export (well it had to be on my list); admin bar, just because of the awesome Debug Bar … Continue reading

Posted in WordPress | 10 Comments

Password reminders or: How not to instill confidence

Please do not do this: Either send me a random string and tell me to change it once successfully logged in (not great), or send a link to allow me to save a new secret password. Definitely do not let … Continue reading

Posted in Security | 1 Comment

Why exams suck

You may know that the hours of missed sleep and prolonged concentration lead to total mental exhaustion, but the real reason that exams suck is because… I had to miss #wptybee for five of them.

Posted in WordPress | 4 Comments

Drupal 7: Secure password storage by default at last

With the release of Drupal 7 today we see the arrival of secure password storage by default (as well as many other great new features and changes). Obviously secure password storage in the database is essential for any web application. … Continue reading

Posted in Security | 4 Comments

I see your WordPress 3.0.4 with Exploit Scanner 0.97.5

WordPress 3.0.4 was released a few hours ago to fix a couple of persistent XSS vulnerabilities. One of these was discovered by me, and I also participated in lengthy discussions about the fix (maybe more on this at a later date). It … Continue reading

Posted in WordPress | 2 Comments

Hello world! (obligatory)

My name is Jon, I am currently studying Computer Science in the UK and I help make WordPress. After much procrastination I have finally gotten around to starting a blog using the software that I contribute to (think of it … Continue reading

Posted in Uncategorized | Leave a comment