Archives: Definitions
What is Expect-CT
Expect-CT [DEPRECATED] The Expect-CT security header was created to enforce the use of Certificate Transparency. Certificate Transparency (CT) requires all issued SSL certificates to be logged in a public log so that any unauthorized issuance of certificates can be easily detected. When a certificate is issued, the issuer of the certificate sends a “Signed Certificate Timestamp” (SCT) to a publicly available CT log. If your site sends the Expect-CT header it tells browsers to check if the SCT for your
What is X-XSS-Protection
X-XSS-Protection [DEPRECATED] The X-XSS-Protection security header is a legacy header that was created to control the browser’s built-in protection against Reflected Cross-Site Scripting (XSS) attacks. In the past, XSS protection was built into Internet Explorer, Chrome, Edge, and Safari. Firefox never implemented XSS protection. When a browser with built-in and activated XSS protections detected an XSS attack, the browser would automatically remove the unsafe scripts from the page. X-XSS-Protection Options The X-XSS-Protection header has the following options: 0 -> Disable
What is HSTS?
HSTS stands for HTTP Strict Transport Security, and makes browsers force your visitors over HTTPS. Why do you need this when you have already redirected your site to SSL? HSTS is meant for situations when users are not actually visiting your site, but a site that is pretending to be your site, and therefore does not have an SSL certificate. This fake site won’t have a redirect to SSL! Let’s say a user is in a public place on Wi-Fi
What is Apache?
Apache is one of the most commonly used open-source web servers. According to W3Techs, roughly one-third of all websites are hosted on an Apache server. The web server handles the communication with the client (usually the browser) to serve the (WordPress) website. Apache is particularly popular with hosting providers offering (shared) hosting solutions for smaller blogs and sites with not too many users. As the W3Techs reports show, Apache is losing popularity to NGINX, Cloudflare Server, LiteSpeed and others.
What is XML-RPC?
XML-RPC is a protocol that allows for communication between WordPress and other systems. It allows for remote publishing and editing capabilities without having to log in to the WordPress back-end. XML-RPC support has been included in WordPress since early versions of the software, and it is still available in current WordPress versions. There are some plugins that still require you to have XML-RPC enabled; a common example is the Jetpack plugin. While Jetpack’s functionality does not strictly depend on XML-RPC (and