Since version 2.3, WordPress has been vulnerable to a Host Header Injection attack in certain server environments. Over the years, there has been some discussion about fixing the vulnerability, but as of WP 4.9 (beta) nothing has been implemented. So to help those in the WP community who may be concerned (including myself), I developed a new security plugin that fixes the issue: Host Header Injection Fix (HHIF). Continue reading »
'at the beginning of the file, save changes, done.