In August 2013, a web vulnerability was released, in a few words.
If you're using HTTPS at any level, you HAVE to protect your site against this flaw now.
Extract the folder from the ZIP file.
BBA REPEATER: used by this plugin to add a secret string to each nonce. The default is 2, the minimum is 1, and there is no maximum; just change it.
BBA NONCE LENGTH: from 4 to 32, with 10 as the default value. You can modify the length of each WordPress nonce; the longer, the better.
Its default value is a day; I suggest you lower this value, to something like 12 hours or 6 hours.
Separate the secrets from the user input.
Obfuscate the length of web responses by adding random amounts of arbitrary bytes -> Done. I do not recommend this because of the lack of performance, at least, but you can do it yourself in your php.ini or .htaccess; google how to disable HTTP gzip compression. Can't do this in WordPress.
New problem with pack now, use my own function.
1.1 (29 Aug 2013): hex2bin is not always available, use pack instead.
1.0 (29 Aug 2013).