Sep 8, 2025
· 10 min read
· 10 min read
WordPress Plugin Security: Lessons from Two Disclosures
The exact security checklist I run every plugin through before release — capability checks, escaping, nonces, and the disclosed bugs that taught me each lesson.
→
Jun 18, 2025
· 8 min read
· 8 min read
Caddy + Laravel: A 50-Line Production Config
The exact Caddyfile I run in production — automatic HTTPS, HTTP/3, security headers, rate limiting, asset caching, all in ~50 lines.
→
Apr 30, 2025
· 8 min read
· 8 min read
Cloudflare in Front of Laravel: Real IPs, Trusted Proxies, Locked-Down Origins
How to make Laravel see real visitor IPs through Cloudflare — TrustProxies config, origin firewall rules, geolocation headers, and the caching gotchas.
→