WordPress Is the Most Attacked CMS Application

Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).

PowerShell return value, exit code, or ErrorLevel equivalent

Here is how you can verify whether an external command in PowerShell was executed successfully or not. Simply by verifying PowerShell’s return value, or exit code…

RewriteProxy with .htaccess in IIS

Rewrite and proxy HTTP requests in IIS. In my case, I had to proxy requests on IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.

add_rewrite_rule() accepts an array of query vars in WordPress 4.4

John Blackbourn writes to Make WordPress Core that a small change to add_rewrite_rule() in [34708] means that in the upcoming WordPress 4.4 an array can be passed as the second parameter instead of a query string…

Get Hyper-V guest serial number with PowerShell

Retrieve the virtual machine’s serial number with PowerShell. Sometimes you need to have the serial number of a Hyper-V virtual machine (VM, or guest). We, for instance, use this serial number in our automatic, unattended deployment of the guest operating system. But then you need to know how to find this serial number…

WordPress and PHP7

Aaron Jorbin writes to Make WordPress Core about WordPress and PHP7 (I have been running PHP7 and WordPress for quite some time on Saotn.org, and I think it’s a great step forward). For the last few months, WordPress Core has been getting ready for the upcoming release of PHP7. PHP7 is bringing a host of improvements to PHP. One of the most notable is substantial performance improvements. Benchmarks of WordPress using PHP7 are showing a 2-3x speed improvement compared to PHP5.6.

Feedly Saotn.org RSS feed on Android

Keep Saotn.org posts close to keep ahead.

The feedly news reader app for Android is a great way to have all Saotn.org posts available on your smartphone. Feedly news reader is basically just an RSS-feed reader that you can install on your smartphone or tablet. In just a few steps you add the Saotn.org RSS feed to your favorite newspapers, magazines and blogs.

Block BaiduSpider bot User-Agent

The Baidu spider (BaiduSpider user agent) can be a real pain to block, especially since it does not respect a robots.txt as it should. The following IIS URL Rewrite snippet blocks the Baidu spider based on its User-Agent string.

Optimize PHP’s OPcache configuration

How to make PHP OPcache perform even better! Now that you have optimized your PHP realpath_cache_size configuration, it is time to fine-tune OPcache. With just a few tweaks you can make OPcache perform much better, and here is how…

BIND 9.x vulnerable for remote Denial of Service through a magic packet

A vulnerability in BIND, and all it takes is just one tiny little packet…

BIND 9.x is vulnerable to a remote Denial of Service, where a tiny magic packet can cause BIND 9.x to stop and exit named with a REQUIRE assertion failure. All the attacker needs to send is a specially – and deliberately – constructed packet to exploit an error in the handling of queries for TKEY records. The vulnerability in BIND will crash and take down the BIND named daemon…

Multiple critical vulnerabilities in PHP File Manager

Revived Wire Media’s PHP File Manager got some issues…

Sijmen Ruwhof, who also analysed the malware spread through NU.nl back in 2012, found some serious security vulnerabilities in a PHP web application called “PHP File Manager”. One, among others, is a backdoor for Revived Wire Media to use. How sick is that?! Another vulnerability makes it easy to download confidential files.

WordPress JSON REST API, talk to me baby!

Saotn.org now provides the WordPress REST API (WP API), for you to use my posts to fill your website. How great is that?! :) But what is a REST API exactly, and what can I do with it?

Conditional analytics tracking code in WordPress multisite

In my WordPress multisite, I use one theme for three sites and Piwik for analytics. Unfortunately I can’t use the WP-Piwik plugin – yet – to add the tracking code to my websites, because my websites are on SSL (I think). Here is how I used a condition in my functions.php to add the tracking code for Piwik Analytics or Google Analytics.

Add a delay to your WordPress login form

It is important to protect your WordPress website from brute-force attacks, and various security plugins exist for doing so. For the purpose of this article, I modified the WordPress Login Delay plugin with a fixed delay of three seconds for my wp-login.php page. This provides you with an easy-to-use method of protecting your WordPress login form (but do read the caveats!).

HackBack! Hacking demystified

A DIY Guide for those without the patience to wait for whistleblowers. A nice article written by 0x27 on “0wning” (hacking) Gamma Group, the maker of FinFisher spyware.
