Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.
Read More »SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost’s config.js file. This happend to me yesterday, and here is the solution.
In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.
Read More »Redirect HTTP to HTTPS How-to disable Joomla’s built-in contact forms component and its ability to send a copy to the sender, directly in your MySQL database using phpMyAdmin
Often the built-in Joomla contact forms component (com_contact) is abused by spammers. These contact forms allow the sender to receive a copy of the form contents. All spammers need to do is enter the email address of the target as sender/from. This way, anyone can use the Joomla contact form for spamming anyone. This short article explains how to disable and combat this.
Read More »Disable Joomla Contacts component (com_contact) in MySQL / phpMyAdmin If XCloner Logger option is enabled, it will store a log file inside the xcloner-XXXXX folder inside the backup archive. The file is named xcloner-xxxxx.log. This can generate a huge amount of temporary files and log files on your file system. This short article provides you one SQL statement to disable XCloner log directly in your WordPress MySQL database, using phpMyAdmin.
Read More »Disable WordPress XCloner Plugin logger in MySQL / phpMyAdmin I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.
Read More »Force HSTS in Apache .htaccess Jamshed Damkewala writes on devblogs.microsoft.com: Starting in December 2020, we will be delivering .NET Core updates on Windows via Microsoft Update. We have received many requests for this, particularly from organizations that acquire and manage all of their Microsoft-related updates via Microsoft (or Windows) Update. This change will enable organizations to manage .NET Framework and .NET Core updates in the same way. If you don’t want to use Microsoft Update to update .NET on your machines, you don’t have to, and can continue using one of the existing options.
Read More ».NET Core 2.1, 3.1, and .NET 5.0 updates are coming to Microsoft Update
How to install OpenSSH Server in Windows Server 2019 Core using PowerShell, or Windows Server 2016
OpenSSH is an ideal and secure way of performing remote maintenance & administration on your servers. Even on Windows Server! :) Microsoft have released their OpenSSH port for Windows Server and Windows 10 back in 2015. Here is how to install the OpenSSH Server on Windows Server 2016 and 2019.
Read More »Manually install OpenSSH in Windows Server Quickly and dirty determine if a condition is true or false in PowerShell 5.1 by emulating the ternary operator. For example when determinering if the server you are servicing is a Windows Server Desktop Experience version or not (and thus Server Core):
Read More »Emulate ternary operator in PowerShell When WSUS downloads are slow
WSUS uses BITS for downloading updates, and it does so in background mode. Unfortunately, this utilizes remaining bandwidth of the server instead of its full capacity. To speed up WSUS downloads, you can configure BITS in WSUS to use foreground priority.
Read More »Force BITS to download WSUS updates in the foreground in Windows Server Protect your privileged admin credentials!
Microsoft has published guidance on the easiest way to secure privileged access in Windows Server.
Read More »Securing privileged access
How to install and configure Hugo for static site development in WSL on Windows 10.
Do you find it too difficult to install Go or Hugo in Windows for your static site development? Have you tried Windows Subsystem for Linux (WSL) 2? Using a default Ubuntu 20.04, it is pretty easy to install Hugo, set up your development environment and configure Hugo to listen on your Ubuntu’s IP address instead of localhost / 127.0.0.1. This makes your Hugo development site accessible for browsers in Windows 10. Neat, right?
Read More »Hugo development environment in WSL 2 In recent days, there are a number of reports about broken Yoast SEO database operations, related to the DeleteDuplicateIndexables function. The PHP function is located in the file wordpress-seo\src\config\migrations\20200507054848_DeleteDuplicateIndexables.php, and in this post I’ll provide you with a possible fix for this statement. Read on.
Show the number of registered WordPress users in At-a-Glance widget
Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that’s what this little plugin does.
Read More »Count and display number of WordPress users in your Dashboard
On a daily bases, new vulnerabilities are found in WordPress plugins. And when you host thousands of WordPress sites, you can count on the fact you have some customers using that vulnerable version of that particular plugin. So you need to find those vulnerable versions on your servers fast. On Windows Server, PowerShell is a perfect tool for the job!
Read More »Find vulnerable WordPress plugin versions fast using PowerShell