Sysadmin, Windows Server, IIS, security, website & WordPress, MySQL, optimization
In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.
Continue reading “Clear PHP opcode caches before WordPress Updates: ease the updating process”
WinCache, or the Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension. I’ve described how to run PHP with WinCache on IIS in an earlier post.
Continue reading “The WinCache effect: Save with object caching”
ApacheBench, or ab, is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.
Continue reading “Benchmarking WordPress, simple load & speed testing with ApacheBench”
How to measure WordPress’ loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time. But how does one measure this?
Continue reading “Measure WordPress loading time and queries”
Found via cyber-ir.com: This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network this is the document!
Continue reading “Intrusion Detection with Windows Event ID’s”
Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!
Continue reading “Tips to speed up WordPress, serve gzip comressed static HTML files”
Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimize your WordPress hosting post, I provide 10 practical tips for you, to improve WordPress hosting performance. Especially useful for when you plan to host WordPress websites yourself. Read on to learn how I optimize my WordPress hosting, and how you can do the same.
Continue reading “How to optimize your WordPress hosting – 9+ practical tips”
Here are the Top 51 Most Visited Posts on Sysadmins of the North. It is a dynamic, ever changing list. This list of high rated and interesting posts is compiled using Jetpack’s statistics and a nifty shortcode function by WebDevStudios.com. Have a look at them, you might have missed an interesting one!
Continue reading “Top 51 Most Visited Posts on Sysadmins of the North”
Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal
, and a SQL injection Denial-of-Service in a later to be disclosed plugin. This post describes the Akal theme XSS vulnerability.
Continue reading “WordPress advisory: Akal premium theme XSS vulnerability & abandonded”
Disk cleanup in Windows Server 2012 (R2) using DISM is one of the most popular posts here on Saotn.org. It’s also valid for Windows Server 2016. So apparently, disk space usage is an issue on Windows Server. And that made me wonder: what more ways to clean up disk space in Windows Server are there?
Continue reading “5 Extra ways to clean up disk space in Windows Server”
Pen Test Partners writes about IoT and security in the Samsung smart camera SNH-6410BN. They discovered eleven (11) issues, chained together to gain root access. Got r00t?
Continue reading “Samsung’s smart camera. A tale of IoT & network security”
You sometimes need to list and get all MAC addresses of all Hyper-V virtual machines in your network. Either for your Hyper-V administration or provisioning if you don’t set an unique MAC address automatically. Here is how to get all those MAC addresses easily with PowerShell.
Continue reading “List all MAC addresses of all Hyper-V Virtual Machines”
Mark O’Shea writes on TechNet that the licensing model for Standard and Datacenter were changed with Windows Server 2016, and he introduces the changes. The information is pulled from the Windows Server 2016 Licensing Datasheet, and if you need more details you can also download the Windows Server 2016 and System Center 2016 licensing FAQ. Spoil alert (tl;dr): you’ll be paying on a core-basis, instead of per CPU.
This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone In stead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.
Continue reading ““How we broke PHP, hacked Pornhub and earned $20,000””
How to add SSL and HTTPS in your WordPress site, the definitive guide! Did you know that having an SSL certificate on your website is the de-facto standard nowadays? Google ranks sites having HTTPS -or an SSL certificate- higher in their SERP. But in WordPress, what do you need to do to set up and install an SSL certificate in your WordPress website? You’ll learn the important steps to move WordPress from http to https in this post.
Continue reading “SSL in WordPress: how to move your WordPress site to HTTPS? The definitive guide”