Developer Diaries
One Architecture, Six Plugins
How six WordPress plugins share one security model, one UX system, and one licensing infrastructure — and why that matters.
Read
Developer Diaries
MFA v1.7: Hardening Checks and Nginx Directives
10+ security scans with one-click remediation and a visual Nginx directives generator for Plesk. Because .htaccess is useless on Nginx.
Read
Developer Diaries
Fortify: Zero-Trust WAF for WordPress
An 8-stage WAF pipeline that fires before WordPress loads. Zero-trust scoring, API Shield, MFA step-up auth, and file-based kill switches for safety.
Read
Developer Diaries
One Architecture, Nine Plugins
How nine WordPress plugins share one security model, one UX system, and one licensing infrastructure, and why that matters.
Read
Developer Diaries
Building MFA from Scratch in PHP
A pure-PHP RFC 6238 TOTP implementation with zero dependencies, trusted devices, per-role enforcement, and MSP Hub integration.
Read
Developer Diaries
The Encryption Layer: AES-256 Everywhere
PII encryption with AES-256, blind index search with HMAC-SHA256, separate key chains for client and master, defence in depth.
Read
Developer Diaries
RSA JWT Licensing: How I Made Piracy Pointless
RS256 asymmetric tokens, Sentinel MU-plugin, heartbeat verification, offline grace, the architecture that makes pirating AJT plugins not worth the effort.
Read