Show the number of registered WordPress users in the At-a-Glance widget in the Dashboard

Count and display number of WordPress users in your Dashboard

Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and only later are posts filled with spam created or existing pages/posts edited. In the time between compromise and creation…


Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

Secure wp-content/uploads in Linux Apache and Windows Server IIS

It’s recommended to disallow access to and execution of PHP files in the wp-content/uploads folder, preferably without the use of a security plugin. Blocking access to PHP files in the WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accessPolicy in…


IIS FTP IP Address and Domain Restrictions

IIS 10.0 FTP IP Security whitelist

In this post I’ll show you how to configure an IP whitelist for IIS FTP Server using the PowerShell IISAdministration and WebAdministration modules.

Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”

Whenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance…


Security baseline for Windows 10 v1903 and Windows Server v1903 – final release

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1903 (a.k.a., “19H1”), and for Windows Server version 1903.


How to verify SMBv1 is disabled in Windows and Windows Server

Since WannaCry and Petya ransomware spread through Windows systems in 2017, it’s recommended to have Server Message Block version 1 (SMBv1) disabled in Windows clients and Windows Server. SMBv1 is not installed by default in Windows 10 version 1709 and Windows Server version 1709 and later, but how can you be sure it is…


Security?

WordPress .htaccess security best practices in Apache 2.4.6+

Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately,…


Windows privilege escalation guide

Ryan McFarland writes on his blog: “Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you…
