Check WordPress Core files integrity

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Clear PHP opcode caches before WordPress Updates: ease the updating process

In various hosting environments, WordPress core, plugin and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches, making your life a bit easier when updating WordPress Core, Plugins and Themes.

The WinCache effect: Save with object caching

WinCache, or the Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage, making it a win-win extension. I’ve described how to run PHP with WinCache on IIS in an earlier post.

Benchmarking WordPress, simple load & speed testing with ApacheBench

ApacheBench, or ab, is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.

10 Practical tips to optimize WordPress hosting

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this post on optimizing your WordPress hosting, I provide 10 practical tips to improve WordPress hosting performance. They are especially useful when you plan to host WordPress websites yourself. Read on to learn how I optimize my WordPress hosting, and how you can do the same.

“How we broke PHP, hacked Pornhub and earned $20,000”

This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at HackerOne. Instead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.

How to install Microsoft’s SQL Server Driver for PHP

In this article I’ll show you how to install the Microsoft SQL Server Driver for PHP 5.6 and PHP 7. This makes the use of an SQL Server database back-end for your PHP website easy. If you want to communicate with an SQL Server database from PHP you need to rely on some additional software and PHP extensions. This post walks you through the steps necessary to install the SQL Server driver and SQLSRV extension for PHP 5.6 and PHP 7, on Windows Server IIS of course.

Cracking PHP rand()

Sjoerd Langkemper writes about Cracking PHP rand(): Webapps occasionally need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().

WordPress and PHP7

Aaron Jorbin writes to Make WordPress Core about WordPress and PHP7 (I have been running PHP7 and WordPress for quite some time on Saotn.org, and I think it’s a great step forward). For the last few months, WordPress Core has been getting ready for the upcoming release of PHP7. PHP7 is bringing a host of improvements to PHP. One of the most notable is substantial performance improvements. Benchmarks of WordPress using PHP7 are showing a 2-3x speed improvement compared to PHP5.6.

Multiple critical vulnerabilities in PHP File Manager

Revived Wire Media’s PHP File Manager got some issues…

Sijmen Ruwhof, who also analysed the malware spread through NU.nl back in 2012, found some serious security vulnerabilities in a PHP web application called “PHP File Manager”. One, among others, is a backdoor for Revived Wire Media to use. How sick is that?! Another vulnerability makes it easy to download confidential files.
