PHP Archives - Sysadmins of the North

A plea for WordPress plugin developers to stop supporting legacy PHP versions

Jan Reilink on 21 March 2018

“A plea for plugin developers to stop supporting legacy PHP versions” (hear! hear!), Jeff Chandler writes on WP Tavern. Iain Poulson has published a thoughtful request on the Delicious Brains blog asking WordPress plugin developers to stop supporting legacy PHP versions. He covers some of the benefits of developing with newer versions of PHP, what Delicious Brains is doing with its plugins, and using the Requires Minimum PHP Version header in readme.txt.

Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1

Jan Reilink on 2 March 2018

With PHP 7.1, some PHP web applications fail because of deprecated code usage. This may result in an error message like [] operator not supported for strings for various Joomla! components. Here’s how to fix this code for PHP 7.1+.

Set WP_MEMORY_LIMIT value correctly in wp-config.php

Jan Reilink on 26 February 2018

WordPress developers: please stay away from WP_MEMORY_LIMIT and PHP memory_limit settings! We see this done wrong over and over in WordPress plugins and themes. One of such themes is the premium theme Jupiter by Artbees, or WPML as plugin. WordPress users: don’t touch these memory limitation settings either! They’re imposed for a reason. Here’s some explanation:

Remove Jetpack email sharing service

Jan Reilink on 19 May 2017

Recently the WordPress Jetpack email sharing service is often abused by spammers. They use the Send to Email Address for sending spam. All these kind of “Tell a Friend” scripts are abused a lot. Here is how to disable email share service in WordPress Jetpack.

Check WordPress Core files integrity

Jan Reilink on 16 December 2016

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit

Jan Reilink on 27 October 2016

Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4. And included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!

Clear PHP opcode caches before WordPress Updates: ease the updating process

Jan Reilink on 19 October 2016

In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.

The WinCache effect: Save with object caching

Jan Reilink on 9 October 2016

WinCache, or the Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension. I’ve described how to run PHP with WinCache on IIS in an earlier post.

Benchmarking WordPress, simple load & speed testing with ApacheBench

Jan Reilink on 9 October 2016

WordPress load testing with ApacheBench. ab is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.

Measure WordPress loading time and queries

Jan Reilink on 9 October 2016

How to measure WordPress’ loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time. How do you measure this?

How to optimize your WordPress hosting – 9+ practical tips

Jan Reilink on 31 August 2016

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimizing WordPress hosting post, I provide 9+ practical tips for you, to improve WordPress hosting performance. Especially useful if you plan to develop and host WordPress websites yourself.

“How we broke PHP, hacked Pornhub and earned $20,000”

Jan Reilink on 24 July 2016

This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone In stead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.

Binary webshell through OPcache in PHP 7

Jan Reilink on 28 April 2016

GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.

How to install Microsoft’s SQL Server Driver for PHP

Jan Reilink on 13 April 2016

In this article I’ll show you how to install the Microsoft SQL Server Driver for PHP 5.6 and PHP 7. This makes the use of an SQL Server database back-end for your PHP website easy. If you want to communicatie with SQLServer from PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 5.6 and PHP 7, on Windows Server IIS of course.

Optimize WordPress MySQL tables through Cron, behind the scenes

Jan Reilink on 4 March 2016

To regularly optimize my WordPress database tables, I created a small plugin that utilizes the WordPress Cron feature. This comes in handy to perform database optimization for WordPress on a regular basis, without forgetting about it. Just activate and enjoy. And here is the plugin code …