Show the number of registered WordPress users in At-a-Glance widget
Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that’s what this little plugin does.
Read MoreOn a daily bases, new vulnerabilities are found in WordPress plugins. And when you host thousands of WordPress sites, you can count on the fact you have some customers using that vulnerable version of that particular plugin. So you need to find those vulnerable versions on your servers fast. On Windows Server, PowerShell is a perfect tool for the job!
Read MoreSecure wp-content/uploads in Linux Apache and Windows Server IIS
It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably and in my opinion without the use of a security plugin. Denying access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config on Windows Server IIS, and here is how.
You can use this Bash function in your .bashrc file to generate a random alphanumeric string. This comes in handy when you need to generate a long, secure password for example. Adjust to your needs.
This post contains some example WMI filters for you to use in Group Policy Objects (GPOs) to target and manage specific Windows Server versions like 2012R2, 2016 and Windows Server 2019.
Read MoreBasic Authentication managed HTTP module for IIS with virtual users support
In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It’s apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.
Read MoreHow to create an IP restrictions whitelist for your IIS FTP Server with Powershell.
When you set up a new public facing FTP server in IIS, it is important to properly secure it. Of course there’s authentication and authorization, but in this post I’ll show you how to configure an IP whitelist for FTP using PowerShell.
Read MoreThank you Ronald as I needed exactly this today. Here is how to remove phantom application folders from websites in IIS using PowerShell.
Read MoreHere is how to change Akismet interval to three days instead of 15 days for deleting spam comments using the akismet_delete_comment_interval filter.
Read MoreBackup and restore IIS configuration with appcmd
If you are using Windows Server IIS as your web server software, it is important to make regular backups. Luckily, using appcmd this is quite easy.
An System.Collections.Generic.KeyNotFoundException “The given key was not present in the dictionary” can be the result of using a too old MySQL Connector/NET version in your ASP.NET web application. A KeyNotFoundException is thrown when an operation attempts to retrieve an element from a collection using a key that does not exist in that collection. An unsupported character set like utf8mb4 can be such a key, if your Connector/NET doesn’t support this character set. Luckily there is an easy workaround for this.
Read MoreWhenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance of your WordPress website.
Read MoreThis might be specific to my Windows Server environment and PoSH scripting, but using -SeachBase with PowerShell’s Get-ADComputer gives me faster results. You can use this for your own advantage, here is a little example to speed up AD DS queries.
You can install Servicing Stack Updates (SSU) for Windows Server 2016 and Windows Server 2019 using PowerShell, without downtime. Because they must be installed prior to your normal Windows Server security updates, you can install them anytime you want to during the day. Here’s a small PowerShell example to do so.
Read MoreMicrosoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903.
Read More
24 queries, took 0.481 seconds running PHP version 7.4.5