Sysadmins of the North

Discuss about sysadmin, security, website or WordPress, MySQL optimization, performance, Windows Server and IIS web server

Send authenticated email over TLS from Zen Cart — 24 April 2015
XSS Vulnerability Affecting Multiple WordPress Plugins — 20 April 2015

Where the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up to date

Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!

Secure WordPress uploads folder, disable PHP execution — 19 April 2015

Securing the WordPress uploads folder is important because in many hacked WordPress sites a PHP backdoor is found within the WP_CONTENT_DIR/uploads directory, often because this is the location where uploads are placed automatically. From the backdoor within wp-content/uploads, other backdoors are uploaded to various locations, and scripts are injected with malware.

The following PHP function will disable the execution of PHP scripts in WordPress’ wp-content/uploads, on IIS web servers.

Critical Magento Shoplift Vulnerability (SUPEE-5344) —
“Statistics Will Crack Your Password” — 18 April 2015
Polymorphic Beebone botnet sinkholed in international police operation — 12 April 2015
Vevida WordPress Optimizer plugin —

Easily configure automatic updates from the WordPress Dashboard, and modernize your MySQL database.

Installing WordPress is one thing, keeping it up to date is something else. Each week brings new bugs or potential attack scenarios that will make a WordPress website vulnerable to hacks. Enabling automatic updates for all or at least most parts of WordPress solves a large number of problems with irregularly maintained WordPress websites.
