The Caveena Solutions Blog
Every year the Brunei Darussalam Department of Labour releases a census that all local businesses must fill in. It’s a legal requirement and every year they don’t mind reminding you of the fines for neglecting to do so.
Well this year they’re trying something new: they’re doing it online via their newly released Labour Control System. I applaud the Department of Labour for taking real action in converting actual processes into an online workflow.
Like with any new system, there are bound to be bugs. And I found a rather embarrassing oversight. When asked for my country of origin, I could not select Brunei.
Erm, yeah. And I had to fill in a value or it wouldn’t allow me to proceed.
This wasn’t the only issue I cam across. Initially the system could not even retrieve my Company Registration Number and simply returned the value null.
Teething problems. It happens to the best of us. I hope the Department of Labour isn’t discouraged because bugs or not this is a step in the right direction!
Edit (19th October 2015): We now have a more complete list of countries which includes Brunei!
You’ve probably heard the news already that WordPress websites are facing an XML-RPC Brute Force Amplification Attacks. But did you also know that Sucuri, iThemes and Wordfence already have you protected?
If you use Sucuri’s Website Application Firewall (WAF), the company has you covered:
Note that users of our WAF are already protected against this attack, so if you are on CloudProxy you are safe.
Similarly, the Wordfence Security Plugin has login protection that takes into account XML-RPC. Just remember to enable Login Security in the Wordfence Options.
Yes we do protect against brute force via XML-RPC and we have for some time now. We also protect against multiple attempts via a single XML-RPC call
Finally, the iThemes Security Plugin protects against XML-RPC Brute Force attacks (even the free version):
Brute Force Protection in iThemes Security just got more robust. Now when you enable Brute Force Protection this feature includes protection from XML-RPC attacks
Make sure your websites are protected!
Edit (16th October 2015): iThemes Security v5.1.0 and iThemes Security Pro v2.0.0 protect against the XML-RPC Brute Force Amplification Attacks.
New Feature: Added “Multiple Authentication Attempts per XML-RPC Request” setting to the WordPress Tweaks section. When this setting is set to “Block”, iThemes Security will block brute force login attacks against XML-RPC
Edit (15th October 2015): If you have Jetpack installed, the Protect Module also stops XML-RPC attacks.
A while back iThemes reported they had to remove VirusTotal Malware Scanning from their iThemes Security WordPress plugin. They have just announced that the plugin will now use Sucuri’s SiteCheck Malware Scanner.
While Sucuri’s SiteCheck is available in both the free and Pro versions of iThemes Security, the Pro version allows for daily automated scanning. That’s a nice add-on, if you ask me.
This is a great addition to the iThemes Security plugin. However, my websites already use the Sucuri Security WordPress Plugin which incorporates Sucuri’s SiteCheck (albeit scans have to be done manually) so this is a bit redundant for my needs. Having a different malware scanner would help cover more bases.
For alternative malware scanners, there’s always StopTheHacker. That service was StopTheHacker was acquired by CloudFlare last year so perhaps more integration is in the works.
Baymard has a write-up on Quick Views and Product List Usability. The key takeaway: Quick Views, which have become a staple for online Product Lists, often hide poor design in the Product List themselves. Almost everything the Quick View brings could just as easily be implemented in the Product List itself.
Good food for thought.
Quick Views are often symptom treatments for poor product list designs. Indeed the test subjects were only appreciative of Quick Views on test sites that had a problematic list item design.
Designmodo has a quick overview of what to expect in Bootstrap 4. My initial thoughts:
- Moving from Less to Sass. Crap, now I gotta learn Sass and set up my development environment to support it.
- Grid System based on ems instead of pixels. Nice.
- Dropped support for IE8. OK, whatever…
- Dropped Glyphicons. Uh… please announce a replacement.
- Optional Flexbox. Yesssssss…
- Cards as a new component. Nice.
My biggest gripe is easily having to switch to Sass. Ah well, I’ll live.
I’ve been using BlockBadQueries on all my WordPress websites for quite some time now. And I just realized BlockBadQueries Pro was released in June. The Pro version offers more minute customization options than the free version though if you just want to set-and-forget I suggest sticking with the free version.
BlockBadQueries is based on the 5G Blacklist 2013 and the 6G Beta. So you could certainly copy the rules into your .htaccess
file if (assuming you’re comfortable with Apache commands & regular expressions) you want to customize the rules for free.
They say “Don’t re-invent the wheel.” It’s pretty sound advice but you should probably know the different kinds of wheels you can choose from. And because it had been a while since I’d experimented with third-party libraries, I decided to mess around with Google’s Material Design Lite framework.
Now that Google has released it’s Material Design Lite (MDL) Framework, how does it stack up against the incumbent behemoth that is Bootstrap? Tutorialzine has a quick run-down comparing the two including their grid systems, navigation bars and other components. The article includes live, side-by-side comparisons of various components.
Want to get started with Google’s Material Design? Well now you can with the newly-released Material Design Lite Framework.
According to iThemes, version 4.8.0 of iThemes Security WordPress plugin removed the malware scanning feature that relied on VirusTotal. It’s not iThemes fault; VirusTotal discontinued the service to all WordPress plugins. Well, darn.
iThemes suggests using VirusTotal’s URL scanner or Sucuri’s SiteCheck, both of which require you to scan each website manually. Sucuri also offers automated server-side scanning as part of their paid plans.
One other option that wasn’t mentioned by iThemes is the Sucuri Security WordPress Plugin which allows you to initiate a scan from your WordPress admin. The scan needs to be initiated manually though.
Social Media Links