Posted inCode base

How to: Test MySQL database connectivity in ASP.NET, PHP, ASP

Test MySQL database connectivity in ASP.NET, PHP, ASP; Simple MySQL connection test from your website with ASP.NET, PHP & classic ASP. Whenever you need a MySQL connectivity test from a website or server, it's handy to have various test scripts nearby. Whether it is because you are setting up a new website or you have just installed a new server and are running your tests.
26/05/2014Posted inCode base
Posted inWordPress

Minify JavaScript, CSS and compress images

Optimizing, minify and compressing JavaScript and CSS files, the easy and fast way? With YUI Compressor on the Windows-, Linux- and macOS command line of course! Compacting HTML, CSS, and JavaScript can speeds up your website because of smaller and faster downloads, parsing, and execution time. Fire-and-forget JavaScript and CSS minification and optimization
18/05/2014Posted inWordPress
Posted inWeb application security

Test SMTP Authentication and StartTLS

Investigate SMTP authentication issues like a boss! Particular over TLS encrypted SMTP connections, it's always handy if you are able to test the SMTP authentication and StartTLS connection. Preferably from your command line. This post shows you how to test SMTP servers, create base64 encoded logon information, verify SMTP authentication over an opportunistic TLS connection, all from the Linux and Windows command line using OpenSSL.
17/05/2014Posted inWeb application security
Microsoft Internet Information Services logo
Posted inWindows Server

IIS Outbound Rules with gzip compression

Learn how to use URL Rewrite Outbound Rules in IIS, to offload content from a different server or host name. This way IIS with URL Rewrite acts as a reverse proxy. Add gzip compression to the mix, and this will improve website performance. In this post, I'll also show you how to fix the URL Rewrite Module error "Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded ("gzip")." in IIS.
13/05/2014Posted inWindows Server
prettyPhoto DOM XSS on Saton.org
Posted inWeb application security

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org... This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?
04/05/2014Posted inWeb application security
Posted inWordPress

WordPress wp_options table autoload micro-optimization

The autoload feature loads and caches all autoloaded options, if available, or all options. The default option is to autoload, and over time when the wp_options table grows, this degrades performance. Today I noticed a slow MySQL query coming from a WordPress database (WordPress wp_options table). This made me investigate and to optimize the WordPress wp_options table "autoload" feature.
02/05/2014Posted inWordPress
Posted inWordPress

Install WordPress plugins without WP-admin access

Install WordPress plugins without admin access, and automate your WordPress customization and plugin installation. WordPress has a little drop-in plugin option available in the form of /wp-content/install.php. This install.php file is not present at default, but when created it can be used to install plugins without wp-admin access. This might come in handy for unattended WordPress installations, customization, and so on.
30/04/2014Posted inWordPress
Posted inWordPress

How to clean up Contact Form 7 temporary captcha files on IIS web servers

Contact Form 7 is a WordPress plugin that provides a simple but flexible contact form. On IIS, Contact Form 7 captcha has one HUGE disadvantage: temporary captcha files placed in wp-content/uploads/wpcf7_captcha, are not automatically removed. The files are made read only. Here is how to remove Contact Form 7 temporary captcha files on IIS...
28/04/2014Posted inWordPress
Posted inCode base

Set or remove the read-only attribute assigned to files with PHP chmod

Chmod.php, change file attributes with PHP, to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal's settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.
27/04/2014Posted inCode base
Posted inCode base

Validate MIME types with PHP Fileinfo

How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website. Using PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure as you might think.
27/04/2014Posted inCode base
Umbraco Project Belle
Posted inUmbraco

Configure SQLServer sessionState for Umbraco

Prepare your Umbraco website for high performance web garden or web farm and load balancing environments: Store your sessions out-of-process (OutProc). As opposed to the default in-process (inProc) sessions, where sessions are saved in the worker process. Create a high performing, fast loading Umbraco website.
23/04/2014Posted inUmbraco