Recently the WordPress Jetpack email sharing service is often abused by spammers. They use the Send to Email Address for sending spam. All these kind of “Tell a Friend” scripts are abused a lot. Here is how to disable email Services service.
Check WordPress Core files integrity
Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.
Clear PHP opcode caches before WordPress Updates: ease the updating process
In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.
Continue reading “Clear PHP opcode caches before WordPress Updates: ease the updating process”
The WinCache effect: Save with object caching
WinCache, or the Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension. I’ve described how to run PHP with WinCache on IIS in an earlier post.
Continue reading “The WinCache effect: Save with object caching”
Benchmarking WordPress, simple load & speed testing with ApacheBench
ApacheBench, or ab, is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.
Continue reading “Benchmarking WordPress, simple load & speed testing with ApacheBench”
Measure WordPress loading time and queries
How to measure WordPress’ loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time. But how does one measure this?
Continue reading “Measure WordPress loading time and queries”
How to optimize your WordPress hosting – 9+ practical tips
Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimize your WordPress hosting post, I provide 10 practical tips for you, to improve WordPress hosting performance. Especially useful for when you plan to host WordPress websites yourself. Read on to learn how I optimize my WordPress hosting, and how you can do the same.
Continue reading “How to optimize your WordPress hosting – 9+ practical tips”
“How we broke PHP, hacked Pornhub and earned $20,000”
This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone In stead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.
Continue reading ““How we broke PHP, hacked Pornhub and earned $20,000””
Binary webshell through OPcache in PHP 7
GoSecure wrote up a new PHP exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, it’s possible to bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.
How to install Microsoft’s SQL Server Driver for PHP
In this article I’ll show you how to install the Microsoft SQL Server Driver for PHP 5.6 and PHP 7. This makes the use of an SQL Server database back-end for your PHP website easy. If you want to communicatie with SQLServer from PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 5.6 and PHP 7, on Windows Server IIS of course.
Continue reading “How to install Microsoft’s SQL Server Driver for PHP”
Cracking PHP rand()
Sjoerd Langkemper writes about Cracking PHP rand(): Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling
rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().
Generate pseudo-random passwords with OpenSSL
OpenSSL comes in handy when you need to generate random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP…
Continue reading “Generate pseudo-random passwords with OpenSSL”
Always_populate_raw_post_data setting in PHP 5.6 & Magento 2.0
Does Magento 2 throw an error about always_populate_raw_post_data being set to 0? And thus having problems installing or updating Magento with PHP 5.6 and PHP 7? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6 and higher (PHP 7).
Continue reading “Always_populate_raw_post_data setting in PHP 5.6 & Magento 2.0”
WordPress and PHP7
Aaron Jorbin writes to Make WordPress Core about WordPress and PHP7 (I run PHP7 and WordPress for quite some time on Saotn.org, and I think its a great step forward). For the last few months, WordPress Core has been getting ready for the upcoming release of PHP7. PHP7 is bringing a host of improvements to PHP. One of the most notably is substantial performance improvements. Benchmarks of WordPress using PHP7 are showing a 2-3x speed improvement compared to PHP5.6.
Optimize PHP’s OPcache configuration
Tune OPcache and make PHP OPcache perform even better! Now that you have optimized your PHP realpath_cache_size configuration, it is time to fine-tune OPcache. With just a few tweaks you can tune PHP OPcache to make it perform much better, and here is how…