High-risk vulnerabilities in TheCartPress leave WordPress sites at risk

TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.

Tunnel RDP through SSH

Remote Desktop via PuTTY SSH Tunnel. In a situation where you need to perform remote administration on a Windows Server, and the RDP port 3389 is blocked on a firewall, you can tunnel Remote Desktop through an SSH tunnel with PuTTY. This particularly comes in handy when there is no VPN available to the remote network…

Send authenticated email over TLS from Zen Cart

Zen Cart is open source shopping cart software. Unfortunately, Zen Cart has had some difficulties in the past sending authenticated SMTP email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection when the following condition is met: StartTLS is required. StartTLS support is available since Zen Cart v1.5.2.

XSS Vulnerability Affecting Multiple WordPress Plugins

While the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up to date, Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!

Secure WordPress uploads folder, disable PHP execution

Securing the WordPress uploads folder is important because, in many hacked WordPress sites, a PHP backdoor is found within the WP_CONTENT_DIR/uploads directory, often because this is the location where uploads are placed automatically. From the backdoor within wp-content/uploads, other backdoors are uploaded to various locations, and scripts are injected with malware.

The following PHP function will disable the execution of PHP scripts in WordPress’ wp-content/uploads, on IIS web servers.

Vevida WordPress Optimizer plugin

Easily configure automatic updates from the WordPress Dashboard, and modernize your MySQL database.

Installing WordPress is one thing, keeping it up to date is something else. Each week brings new bugs or potential attack scenarios that will make a WordPress website vulnerable to hacks. Enabling automatic updates for all or at least most parts of WordPress solves a large number of problems with irregularly maintained WordPress websites.

Monitor Windows services with PowerShell

Monitor Windows Servers with PowerShell: start, stop, restart services with PowerShell’s Get-Service and Start-Service cmdlets. As a Windows Server and IIS administrator, you’ll want your Windows services to run at all times. One can monitor Windows services in many, many ways. Some of our customers’ websites may depend on certain services, which may be hard to monitor externally. For those Windows services that need local monitoring, I like to schedule a PowerShell script. Here is one…
