Sysadmins of the North

31 August 20168 June 2017

How to optimize your WordPress hosting – 9+ practical tips

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimize your WordPress hosting post, I provide 10 practical tips for you, to improve WordPress hosting performance. Especially useful for when you plan to host WordPress websites yourself. Read on to learn how I optimize my WordPress hosting, and how you can do the same.

Continue reading “How to optimize your WordPress hosting – 9+ practical tips”

31 August 201629 April 2017

SSL in WordPress: how to move your WordPress site to HTTPS? The definitive guide

How to add SSL and HTTPS in your WordPress site, the definitive guide! Did you know that having an SSL certificate on your website is the de-facto standard nowadays? Google ranks sites having HTTPS -or an SSL certificate- higher in their SERP. But in WordPress, what do you need to do to set up and install an SSL certificate in your WordPress website? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading “SSL in WordPress: how to move your WordPress site to HTTPS? The definitive guide”

10 June 201619 May 2017

MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!

Your MySQL Database at Warp Speed - img. credits: Christian Daryanto Limas @ flickr — Your MySQL Database at Warp Speed

Are you running into MySQL load problems? Learn how how I tuned my MySQL servers for a heavy InnoDB workload, by configuring innodb_buffer_pool_instances. Dividing the InnoDB Buffer Pool into multiple instances improves Disk I/O. By doing so, you run your website more efficiently and fast. Here is a little help for you.

Continue reading “MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!”

2 June 201719 June 2017

How to: Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Continue reading “How to: Protect WordPress from brute-force XML-RPC attacks”

25 May 201730 May 2017

WsusPool keeps crashing: stops again and again

Sometimes you find your WSUS server keeps crashing over and over again. WSUS is unavailable and/or the WSUS management console hangs. When you start to investigate as to why Windows Server Update Services crashes, you’ll notice the following error message being logged in the HTTPErr log files:

Continue reading “WsusPool keeps crashing: stops again and again”

19 May 20171 June 2017

Remove Jetpack email sharing service

Recently the WordPress Jetpack email sharing service is often abused by spammers. They use the Send to Email Address for sending spam. All these kind of “Tell a Friend” scripts are abused a lot. Here is how to disable email Services service.

Continue reading “Remove Jetpack email sharing service”

16 May 201719 June 2017

Merge multiple files into one new file in Windows

A quicky: if you need to merge multiple text files into one new file in Windows, you can use the copy command in cmd.exe, and here is how:

Continue reading “Merge multiple files into one new file in Windows”

13 May 201715 May 2017

How to disable SMBv1 in Windows 10 and Windows Server

The WannaCry/WanaCrypt0r worm exploits a vulnerability in Windows Server Message Block (SMB) version 1 (SMBv1), and it spreads like wildfire. It is urged to disable SMBv1 in your Windows variant (Windows 10, 8.1, Server 2016, 2012 R2), and here is how if you haven’t done so yet.

Continue reading “How to disable SMBv1 in Windows 10 and Windows Server”

12 May 201713 May 2017

Detect ethernet network speed in Windows

Ideal for Windows Server Core or Nano: detect ethernet network speed using PowerShell / WMI. On the command-line. If you ever need to lookup the speed of your ethernet network card in Windows, you can use one of the following WMIC command on your PowerShell prompt:

Continue reading “Detect ethernet network speed in Windows”

12 May 2017

Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege

Microsoft Security Advisory 4021279: Microsoft is releasing this security advisory to provide information about vulnerabilities in public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly.

Continue reading “Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege”

2 May 20172 May 2017

DisableNSRecordsAutoCreation with Dnscmd

This post explains how to restrict automatic NS resource record registration in Windows Server DNS using Dnscmd. This prevents Windows Server DNS to automatically create NS records for zones that it hosts on the server.

Continue reading “DisableNSRecordsAutoCreation with Dnscmd”

30 December 201619 January 2017

Penetration Testers’ Guide to Windows 10 Privacy & Security

Andrew Douma, a vendor-neutral consultant, writes in Penetration Testers’ Guide to Windows 10 Privacy & Security:

Continue reading “Penetration Testers’ Guide to Windows 10 Privacy & Security”

16 December 20165 April 2017

Check WordPress Core files integrity

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Continue reading “Check WordPress Core files integrity”

3 December 20163 December 2016

Quiet WordPress 4.7 RC2 available

Helen Hou-Sandi writes on Make WordPress Core that there is a quiet RC2 now available – it is a fair number of commits (50+), so please take a look through those and test as you can.

27 October 20161 February 2017

Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit

Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4. And included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!

Continue reading “Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit"

19 October 201619 May 2017

Clear PHP opcode caches before WordPress Updates: ease the updating process

In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.

Continue reading “Clear PHP opcode caches before WordPress Updates: ease the updating process”

Posts