Posted inWeb application security WordPress
Check WordPress Core files integrity
Learn the importance of checking and verifying WordPress Core PHP files md5 checksums against WordPress' checksums API, using this standalone PHP file.
Posted inWindows Server
Enable NTFS long paths GPO in Windows Server 2022, 2019 and Windows Server 2016
With Windows Server 2016 released, we can finally lift the idiotic 260 characters limitation for NTFS paths. In this post I'll show you how to configure the "Enable Win32 long paths" Group Policy, and how to make the "LongPathsEnabled" change in the Windows registry. The NTFS long paths GPO is also still required for Windows Server 2022 and 2019.
Posted inWordPress
Clear PHP opcode caches before WordPress Updates: ease the updating process
If stale or cached content is still an issue with OPcache then here is how to add a must-use plugin that will clear it before you upgrade. This little WordPress Must Use Plugin tries to flush opcode caches, making your live a bit easier when updating WordPress Core, Plugins and Themes.
Posted inWordPress
The WinCache effect: Save with object caching
WinCache, or Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension.
Posted inWordPress
Benchmarking WordPress, simple load & speed testing with ApacheBench
Load test and benchmark WordPress loading speed with ApacheBench. The ab command is a small benchmark utility that comes with Apache. It's a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test.
Posted inWordPress
Measure WordPress loading time and queries
How to measure WordPress' loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time.
Posted inWindows Server
Intrusion Detection with Windows Event ID’s
This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioral examples of attacker activity. If you are looking to enhance your detection in your core network this is the document!
Posted inWordPress
Tips to speed up WordPress, serve gzip compressed static HTML files
Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!
Posted inWordPress
Optimized WordPress hosting (9+ practical tips)
WordPress optimized hosting is a subject on which a lot is written about. And therefore, this post is not about where to host your WordPress blog, or who offers the best WordPress hosting. This post is for you developers, what you can do to optimize your WordPress hosting. This post is not about setting up high-availability, fail-over, clustering, IIS versus Nginx versus Apache, RAID 1, 5, 6, 10, different types of storage, and so on. It’s about solving performance issues.
Posted inWeb application security
WordPress advisory: Akal premium theme XSS vulnerability
This post describes the Akal premium WordPress theme XSS vulnerability that I discovered. The theme suffers from a reflected Cross Site Scripting (XSS) vulnerability that would allow an attacker to steal an admin's cookie, if WordPress wasn't secured against that type of attacks.
Posted inWindows Server
5 Extra ways to clean up disk space in Windows Server
Disk cleanup in Windows Server using DISM is one of the most popular posts here on Saotn.org. It is still valid for Windows Server 2016 and up. So apparently, disk space usage is an issue in Windows Server. Which made me wonder: what more ways to clean up disk space in Windows Server are there?
Posted inPowerShell
List all MAC addresses of all Hyper-V Virtual Machines
Learn how to list all MAC address of all VM's in Hyper-Vusing PowerShell. You sometimes need to list and get all MAC addresses of all Hyper-V virtual machines in your network, either for your administration or provisioning. Here is how.
Posted inWeb application security
“How we broke PHP, hacked Pornhub and earned $20,000”
This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone. Instead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.
Posted inWordPress
SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You'll learn the important steps to move WordPress from http to https
Posted inMySQL
MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!
Are you running into MySQL load problems? Learn how to optimize MySQL InnoDB Buffer Pool for a heavy InnoDB workload by configuring innodb_buffer_pool_instances and increasing read/write I/O threads. Dividing the InnoDB buffer pool into multiple instances can improve Disk I/O. By doing so, you run your database more efficiently and faster. Here is a little help for you.