The WordPress WP-Super-Cache cache plugin doesn’t minify HTML cache files, which I find a disadvantage. Knowing minify libraries, I went looking for an existing solution (why reinvent the wheel?), and found one: WPSCMin. Read on …
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.
Fox-IT writes in a blogpost Ponmocup – A giant hiding in the shadows: Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. The reasons why this botnet is considered highly interesting are that it is sophisticated, underestimated and is currently largest in size and aimed at financial gain.
OpenSSL comes in handy when you need to create (pseudo) random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL…
Fix always_populate_raw_post_data ($HTTP_RAW_POST_DATA) errors when upgrading to Magento 2.0 with PHP 5.6. Magento 2.0 requires PHP’s always_populate_raw_post_data to be disabled, or set to -1 in your php.ini file. Since PHP 5.6, the use of $HTTP_RAW_POST_DATA is deprecated and will be removed in PHP 7.0. However, in PHP 5.6, this setting is commented out, making it equal to 0, not -1, causing errors when you try to install Magento 2.0.
Marcin Probola conducted a PHP static code analysis of the top ~1000 WordPress plugins, and the results showed 103 plugins were vulnerable to at least one vulnerability type (XSS, SQL injection). This is roughly 10 percent! Marcin Probola writes that scanning results were manually verified in his spare time and delivered to official email@example.com from 04.07.2015 to 31.08.2015. Most of the reported plugins are already patched, some are not. Vulnerable and not patched plugins are already removed from the official WordPress plugin repository.
Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).
Here is how you can verify whether an external command in PowerShell was executed successfully or not. Simply by verifying PowerShell’s return value, or exit code…
Rewrite and proxy HTTP requests in IIS. In my case scenario, I had to proxy requests on IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.
John Blackbourn writes to Make WordPress Core that a small change to add_rewrite_rule() in  means that in the upcoming WordPress 4.4 an array can be passed as the second parameter instead of a query string…
Retrieve the virtual machine’s serial number with PowerShell. Sometimes you need to have the serial number of a Hyper-V virtual machine (VM, or guest). We, for instance, use this serial number in our automatic, unattended deployment of the guest operating system. But then you need to know how to find this serial number…
Aaron Jorbin writes to Make WordPress Core about WordPress and PHP7 (I run PHP7 and WordPress for quite some time on Saotn.org, and I think it’s a great step forward). For the last few months, WordPress Core has been getting ready for the upcoming release of PHP7. PHP7 is bringing a host of improvements to PHP. One of the most notable is substantial performance improvements. Benchmarks of WordPress using PHP7 are showing a 2-3x speed improvement compared to PHP5.6.
Keep Saotn.org posts close to keep ahead.
The feedly news reader app for Android is a great way to have all Saotn.org posts available on your smartphone. Feedly news reader is basically just an RSS-feed reader that you can install on your smartphone or tablet. In just a few steps you add the Saotn.org RSS feed to your favorite newspapers, magazines and blogs.
The Baidu spider (BaiduSpider user agent) can be a real pain to block, especially since it does not respect a robots.txt as it should. The following IIS URL Rewrite snippet blocks the Baidu spider based on its User-Agent string.