Basic Authentication it’s often used as a simple security measure or as a temporary authentication method while developing with certain APIs.
While the WordPress HTTP API doesn’t have explicit support for basic authentication, it’s still possible to use it as a header:
$request = wp_remote_post(
'body' => array( 'foo' => 'bar' ),
'headers' => array(
'Authorization' => 'Basic '. base64_encode( $username .':'. $password )
Remember that if you’re sending an unencrypted request, all the headers will be sent in plain text, so you should only use it over HTTPS.
There’s a very entertaining and educational thread going on Hacker News about data loss and disaster recovery that came about an actual, ongoing, massive system outage at Gliffy… I’m sure everyone has a similar story to share.
… or they should be, anyway.
I think that one of the more popular excuses around for not having backups it’s “I haven’t gotten to it”; usually because you don’t have the time to try that fantastic tutorial you found for encrypted-incremental-automatic-deduplicated-control-versioned-backups on Amazon S3.
The thing it’s… it’s ok if you don’t have time for it, because it means you’re doing your job… which very likely isn’t Chief Backups Officer. What it’s not ok it’s that you keep postponing your backups!
That’s why I think that when you’re first configuring your server you should immediately configure some sort of backup that:
- It’s very quick to setup, so you actually do it
- It’s easy to restore from, so it’s actually useful
And since I’m assuming you’re not an idiot, I know you’ll do your best to keep them safe; which doesn’t mean creating some new fancy encryption scheme but using existing tools to do the job (for instance, ssh and rsync are both encrypted, so they’re good enough for transmitting the data to another server).
I’m sure there are plenty cool alternatives to keep your data safe, but the truth it’s that if they don’t comply with these two basic requirements you should wonder if there’s a better, simpler way.
That we live in the world where we aren’t sure if any given cyberattack is the work of a foreign government or a couple of guys should be scary to us all
Bruce Schneier – Comments on the Sony hack
Check Sony got hacked hard: what we know and what we don’t know so far from Wired for a broad synthesis of the hack or A breakdown and analysis of the December, 2014 Sony hack from Risk Based Security for a more detailed perspective.