(WordPress 4.1 Beta1 has a new fancy post writing interface that is very annoying. Things keep popping up or disappearing. I’ll have to get used to it.)
I woke up this morning to 500 errors on all my sites. The new software intercepted another toxic code insertion attempt and logged it. It scrambled the end of my htaccess file. I am going to stop listing the reasons for blocked code in my htaccess. I thought that I put a nice filter on the reason codes, but for some reason it did not work.
The good news is that the malware detection code for the new plugin stopped a really noxious attack on my site. I think that I might make this a standalone plugin and release it to the WordPress repository and I might stop some site hacking.
I an thinking about checking file uploads, too. I could then check for nastiness in uploaded files before the upload is processed.