Monthly Archives: January 2018

Content Security Policy and WordPress

For your protection, I’ve been working on securing this website with all the proper security HTTP headers.  Of course, by running WordPress as the backend, I’m making it easy to manage all the data but making it difficult to manage all the pieces and parts of the system’s backend.  The largest problem I’ve found is the many inline JavaScript and inline CSS snippets that are in WordPress Core.

So far I’ve added the easy headers: Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, and Referrer-Policy.  The complicated one, at least for sites using WordPress, is the Content-Security-Policy.  Unfortunately, the Content-Security-Policy is the best protection against XSS attacks.  As I pointed out above, WordPress uses several inline scripts and CSS instructions.  This means that I’d have to use “unsafe-inline” when describing what is allowed for scripts and styles.  Unfortunately, adding that negates much of the protection offered by the policy.

There is a way around doing this while still allowing inline scripts: using a nonce.  Of course this isn’t really possible with code that one doesn’t directly control, like the WordPress Core.  I did, however, find a potential fix that may be forthcoming that I’ll be monitoring.  This enhancement would allow for a plug-in to add a nonce to these scripts, thus allowing a Content-Security-Policy to be defined to allow those specific scripts.  Until then, I’ll have to leave this site somewhat unprotected like many (most?) websites are today.
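
The nonce approach described above, as an added example that is not part of the original post and is not WordPress code. It is written in Python so it runs stand-alone; the function names, the sample page, and the "comment" value are constructed, and `blocked_inline_scripts` is a simplified model of the browser's check, not a full CSP implementation.

```python
import re
import secrets

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
NONCE_ATTR = re.compile(r'\bnonce="([^"]*)"')
POLICY_NONCE = re.compile(r"'nonce-([^']+)'")

def csp_header(nonce=None):
    """Build script-src: nonce-based, or the 'unsafe-inline' fallback."""
    source = f"'nonce-{nonce}'" if nonce else "'unsafe-inline'"
    return f"script-src 'self' {source}"

def inline_script(code, nonce):
    """Called only by trusted template code, so only its tags carry the nonce."""
    return f'<script nonce="{nonce}">{code}</script>'

def render_page(comment, nonce):
    # 'comment' stands in for untrusted content echoed without escaping (the XSS bug).
    # The nonce is attached where the trusted tag is emitted, never by rewriting
    # the finished page, which would stamp the injected tag as well.
    trusted = inline_script("initMenu();", nonce)
    return f"<html><body>{trusted}<p>{comment}</p></body></html>"

def blocked_inline_scripts(html, policy):
    """Return the bodies of inline scripts that would NOT run under the policy."""
    allowed = set(POLICY_NONCE.findall(policy))
    # Browsers ignore 'unsafe-inline' once the policy lists a nonce.
    unsafe_inline = not allowed and "'unsafe-inline'" in policy
    blocked = []
    for attrs, body in SCRIPT_TAG.findall(html):
        m = NONCE_ATTR.search(attrs)
        if not (unsafe_inline or (m and m.group(1) in allowed)):
            blocked.append(body)
    return blocked

def demo():
    nonce = secrets.token_urlsafe(16)  # 128 random bits, fresh for every response
    injected = "<script>injectedPayload();</script>"  # constructed sample input
    page = render_page(injected, nonce)
    return (blocked_inline_scripts(page, csp_header()),
            blocked_inline_scripts(page, csp_header(nonce)))

if __name__ == "__main__":
    weak, strict = demo()
    print("blocked under 'unsafe-inline':", weak)
    print("blocked under nonce policy:   ", strict)
```

Under `'unsafe-inline'` nothing is blocked, so the injected tag runs alongside the site's own script; under the nonce policy only the tag without the nonce is refused.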


Over the past few months a small group of us from Calvert K9 Search Team (CK9) have been working towards our NASAR SARTECH II certification.  The four of us have been meeting several times a month, in addition to studying at home, to learn lots of material and become proficient in clue finding, land navigation, tracking, ropes, and other search and rescue techniques.  Yesterday and today were the culmination of all that hard work with the administration of written and practical examinations.

Ed, Elizabeth, Will, and I took the written exam and knots practical exam last night and then met this morning for all the outdoor practical exams.  It was a little wet with the rain, turning into sleet, and then turning into a little snow.  Once we got moving, though, we warmed right up and didn’t even feel the chill in the air.

Ed and I paired up to do both of the clue courses and then it was onto the navigation course.  As usual I somehow magically drew the long course.  At one point, between the fourth and fifth points, I wasn’t sure that I was hitting the correct spot.  I backtracked several times and ended up slipping on a log and landing on my knee.  My knees, being unhappy with any kind of trauma, large or small, were not happy about this and so I had a slight limp for the legs between the fourth, fifth, and sixth markers.  Up until the fifth marker my bearings had been right on with no deviation over tens of meters through brush and woods but I was off a little bit on that fifth marker which led to some doubt.  Oddly enough, running a back azimuth track from the fifth to the fourth marker yielded a perfect bearing so I took the fifth point to be where I was supposed to go.

After the navigation course, I quickly did my tracking test and then went inside to calculate my distances between points from the navigation course and rest my knee.  Betty provided an ice pack which really helped with the pain.

In the end, four of us started and four of us passed!  It was hard work and the work we put in showed in the end.  It’s really helpful that my team, CK9, has many NASAR SARTECH II evaluators on hand to not only teach the courses but also administer the examinations.  This would have been a lot more difficult had I been forced to travel long distances to complete this work.

Thanks to all the CK9 evaluators that came out and helped teach and administer the examination.  A special thanks to Mike and Betty who opened their home to us on a regular basis for our learning sessions and fed us and to Mike for taking the lead on teaching all of us!