Show the number of registered WordPress users in At-a-Glance widget Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation…
Continue reading Count and display number of WordPress users in your Dashboard
On a daily bases, new vulnerabilities are found in WordPress plugins. And when you host thousands of WordPress sites, you can count on the fact you have some customers using that vulnerable version of that particular plugin. So you need to find those vulnerable versions on your servers fast. On Windows Server, PowerShell is a…
Continue reading Find vulnerable WordPress plugin versions fast using PowerShell
Secure wp-content/uploads in Linux Apache and Windows Server IIS It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably and without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in…
Continue reading Disallow direct access to PHP files in wp-content/uploads/
You can use this Bash function in your .bashrc file to generate a random alphanumeric string. This comes in handy when you need to generate a long, secure password for example. Adjust to your needs. Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator,…
Continue reading Bash function to generate a random alphanumeric string
In this post I’ll show you how to configure an IP whitelist for IIS FTP Server using PowerShell iisadministration and webadministration modules
Whenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance…
Continue reading Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903. Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily thing at Vevida. If you…
Continue reading Security baseline for Windows 10 v1903 and Windows Server v1903 – final release
Since WannaCry and Petya ransomware were spreading through Windows systems in 2017, it’s recommended to have Server Message Block version 1 (SMBv1) disabled in Windows clients and Windows Server. Now SMBv1 is not installed by default in Windows 10 1709 and Windows Server, version 1709 and later, but how can you be sure it is…
Continue reading How to verify SMBv1 is disabled in Windows and Windows Server
Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’ Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately,…
Continue reading WordPress .htaccess security best practices in Apache 2.4.6+
If you want to connect securely to your MySQL database over SSL using PHP Data Objects (PDO), here is how… Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily thing at Vevida. If you feel a post has helped solve your problem,…
Continue reading How to use SSL in PHP Data Objects (PDO) mysql
Ryan McFarland writes on his blog: “Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you…
There are a lot of hints & tips out there for troubleshooting SPNs, or Service Principal Names. Listing duplicate SPNs is fairly easy, just use setspn -X on your command-line and you’ll find out. But how do you find out which SPNs are used for which users and computers are used for this? Jan ReilinkMy…
Continue reading List all SPNs used in your Active Directory
There is another VERY IMPORTANT THING with Microsoft Meltdown patches like update KB4056892: – Customers will not receive these security updates and will not be protected from security vulnerabilities unless their anti-virus software vendor sets the following registry key: Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am…
Continue reading Important note about Windows Update KB4056892
A short post for my colleagues at the customer support and anyone else wondering the same: how to disable TLS encryption in FileZilla and turn off the FTP over TLS default setting? Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily…
Continue reading How to turn off the TLS default in FileZilla?
When you have just installed your new Windows Server, with or without IIS as web server, it is important to take a few extra security measurements. Securing your server is important to keep hackers out and your data safe. This article shows 3 4 key steps in securing your Windows Server web (IIS) or file…
Continue reading What are 4 important security measures for Windows Server & IIS?
79 queries, took 0.590 seconds running PHP version 7.4.6