Tag Archives: ssl

Developers: please use sslverify = true

      1 Comment on Developers: please use sslverify = true

Often WordPress is being used to talk to external gateways or API’s. Especially now, with the uprising popularity of the REST API WordPress is getting more and more ready to talk to the outside world. A fairly common practice is to set sslverify = false when you’re using functions like wp_remote_get() or wp_remote_post (). Even though this was common practice… Read more »

POODLE-bug – what can you do?

      No Comments on POODLE-bug – what can you do?

Right now a bug in SSL poses a risk for users sending information over a supposedly secure connection. I won’t describe the bug in detail, but the short version is that it allows an attacker to force a site-visitor back to the insecure SSL 3.0 protocol. Combine this with a man-in-middle-attack (MiTM) and you can guess where this is going… Read more »