joepie91

Recently, Let's Encrypt launched free wildcard certificates. While this is good news in and of itself, as it removes one of the last remaining reasons for expensive commercial certificates, I've unfortunately seen a lot of people dangerously misunderstand what wildcard certificates are for.

Therefore, in this brief post I'll explain why you probably shouldn't use a wildcard certificate, as it will put your security at risk.

A brief explainer

It's generally pretty poorly understood (and documented!) how TLS ("SSL") works, so let's go through a brief explanation of the parts that are important here.

The general (simplified) idea behind how real-world TLS deployments work, is that you:

magnetikonline

WordPress database clean up queries

• Orphan rows
  • wp_posts -> wp_posts (parent/child)
  • wp_postmeta -> wp_posts
  • wp_term_taxonomy -> wp_terms
  • wp_term_relationships -> wp_term_taxonomy
  • wp_usermeta -> wp_users
  • wp_posts -> wp_users
• Other

rafl

#!/usr/bin/env perl

# Parameters supported:       
#                             
# config                      
# autoconf                    
#                             
# Magic markers:              
#%# family=auto               
#%# capabilities=autoconf