On a daily bases, new vulnerabilities are found in WordPress plugins. And when you host thousands of WordPress sites, you can count on the fact you have some customers using that vulnerable version of that particular plugin. So you need to find those vulnerable versions on your servers fast. On Windows Server, PowerShell is a…
Continue reading Find vulnerable WordPress plugin versions fast using PowerShell
In a previous post I explained that clearing PHP opcode caches before WordPress Updates helps in streamlining the update process. WordPress updates no longer fail because of cached file locations. Did you know you can automatically flush opcode caches like Redis when you publishing a post or page in WordPress? Doing so ensures you and…
Continue reading Automatically flush Redis cache after publishing a WordPress post
Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’ Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately,…
Continue reading WordPress .htaccess security best practices in Apache 2.4.6+
With PHP 7.1, some PHP web applications fail because of deprecated code usage. This may result in an error message like [] operator not supported for strings for various Joomla, WordPress and Drupal components. Here’s how to fix this code for PHP 7.1+. Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or…
Continue reading Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1
Here is how to increase WordPress’ memory limit (WP_MEMORY_LIMIT) properly. I see this done wrong over and over again in WordPress plugins and themes. In a worst case scenario this may even decrease the available amount of memory for WordPress! So be careful with the advice you follow. In this post I show you one…
Continue reading Increase WordPress’ memory limit WP_MEMORY_LIMIT properly in wp-config.php
The default WordPress theme Twenty Seventeen’s content width can be easily changed to full width. All you need is this bit of CSS. Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily thing at Vevida. If you feel a post has…
Continue reading How to make Twenty Seventeen theme full width in WordPress
In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes. Jan ReilinkMy name is Jan.…
Continue reading Clear PHP opcode caches before WordPress Updates: ease the updating process
WordPress load testing with ApacheBench. ab is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab…
Continue reading Benchmarking WordPress, simple load & speed testing with ApacheBench
How to measure WordPress’ loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time. How do you measure this? Jan ReilinkMy name is Jan. I am not a hacker, coder, developer…
Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler…
Continue reading Tips to speed up WordPress, serve gzip compressed static HTML files
Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability. Jan ReilinkMy name is…
Continue reading WordPress advisory: Akal premium theme XSS vulnerability
Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post. Jan ReilinkMy…
Continue reading SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
Here are 17+ valuable WordPress snippets for site-specific plugins and functions.php to provide you a better WordPress experience. Enhance your WordPress site with these small PHP snippets: WordPress filters, actions and functions. Quickly add or extend the functionality you need for your WordPress website! Read on… Jan ReilinkMy name is Jan. I am not a hacker, coder,…
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file! Jan ReilinkMy name is Jan. I am not…
Continue reading HackRepair.com’s Bad Bots .htaccess in web.config for IIS
Using Windows Server File Server Resource Manager‘s File Screens you can block vulnerable WordPress plugins from being uploaded to your IIS web server. In the following example, you’ll learn how to block WP DB Backup plugin system-wide on Windows Server, read on… Jan ReilinkMy name is Jan. I am not a hacker, coder, developer or…
79 queries, took 0.700 seconds running PHP version 7.4.6