Sjoerd Langkemper writes about Cracking PHP rand():
Webapps occasionally need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with
The WordPress WP-Super-Cache cache plugin doesn’t minify HTML cache files, which I find a disadvantage. Knowing minify libraries, I went looking for an existing solution (why reinvent the wheel?), and found one: WPSCMin. Read on …
OpenSSL comes in handy when you need to generate random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP…
Does Magento 2 throw an error about always_populate_raw_post_data being set to 0? And are you having problems installing or updating Magento with PHP 5.6 and PHP 7? Then read on, because here is how to fix upgrades to Magento 2.0 in PHP 5.6 and higher: PHP 7+.
Tune OPcache and make PHP OPcache perform even better! Now that you’ve optimized PHP realpath_cache_size, it’s time to fine-tune OPcache. With just a few tweaks you can tune PHP OPcache to make it perform much better, and here is how…
Revived Wire Media’s PHP File Manager got some issues…
Sijmen Ruwhof, who also analysed the malware spread through NU.nl back in 2012, found some serious security vulnerabilities in a PHP web application called “PHP File Manager”. One, among others, is a backdoor for Revived Wire Media to use. How sick is that?! Another vulnerability makes it easy to download confidential files.
In my WordPress multisite, I use one theme for three sites and a tracking code for analytics on my websites. Whether it is Google Analytics or Piwik doesn’t matter. Here is how you can conditionally add tracking codes to your WordPress Multisite: Use a condition in functions.php to add the tracking code for Piwik/Matomo Analytics or Google Analytics.
Or why *not* to add a delay … !
It is important to protect your WordPress website from brute-force attacks, and various security plugins exist to do so. For the purpose of this article, I modified the WordPress Login Delay plugin with a fixed delay of three seconds for my wp-login.php page. This provides you with an easy-to-use method of protecting your WordPress login form (but do read the caveats!).
Deny direct access to PHP files in wp-content/uploads/
The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on Windows Server IIS web servers. It creates a web.config file for this purpose.
UTF-8 encoding breaks when upgrading PHP 5.6 to PHP 7.0.
An important note for everyone who’s upgrading from PHP 5.4 and PHP 5.5, to PHP 5.6: the PHP default_charset in php.ini changed from “empty” to UTF-8, making UTF-8 the default charset in PHP. This may break HTML output if you try to set a different charset in your HTML head. It may also break functions like htmlspecialchars. For example:
This post will show you how to convert PHP mysql extension functions to PHP MySQLi extension. Migrating away from ext/mysql to MySQLi (or PHP Data Object (PDO)) is important, because the ext/mysql functions are deprecated as of PHP 5.5.0. If you do not update your PHP code, your website will fail soon!
The PHP directive realpath_cache_size sets the size of the realpath cache to be used by PHP. Increasing realpath_cache_size might greatly improve PHP performance, as PHP states: “this value should be increased on systems where PHP opens many files.” Setting a correct value for PHP realpath_cache_size can greatly improve PHP performance and optimize WordPress – and other CMS’s – websites.
Redirect pages with PHP. If you’ve moved some old PHP pages, or URLs, to new pages and URLs, you can use the following PHP code snippet to easily redirect all visitors and incoming requests to the new location. This PHP code snippet uses a 301 Moved Permanently redirect, perfect for SEO.
How to display WordPress tags with commas in them? Normally, in a WordPress post all tags are comma separated: php, wordpress, functions.php. But what if you want to use a tag with commas in it? For instance cafe, bar, restaurants. Easy, create a filter in your WordPress functions.php, here is how.
Here you’ll find a PHP script to check if your website is up and available online. It uses PHP and cURL. This script comes in handy because website uptime and availability are important, and you want your website to always be available online. If your website is down, it’ll send you an email to notify you about downtime.