WordPress Archives - Sysadmins of the North

WordPress Security

WordPress .htaccess security best practices in Apache 2.4.6+

Apache Access Control done right, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

(more…)

By Jan Reilink, 4 months3 weeks ago

WordPress

A plea for WordPress plugin developers to stop supporting legacy PHP versions

“A plea for plugin developers to stop supporting legacy PHP versions” (hear! hear!), Jeff Chandler writes on WP Tavern. Iain Poulson has published a thoughtful request on the Delicious Brains blog asking WordPress plugin developers to stop supporting legacy PHP versions. He covers some of the benefits of developing with newer versions of PHP, what Delicious Brains is doing with its plugins, and using the Requires Minimum PHP Version header in readme.txt.

(more…)

By Jan Reilink, 11 months11 months ago

Code base

Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1

With PHP 7.1, some PHP web applications fail because of deprecated code usage. This may result in an error message like [] operator not supported for strings for various Joomla!, WordPress and Drupal components. Here’s how to fix this code for PHP 7.1+.

(more…)

By Jan Reilink, 12 months1 month ago

WordPress

Set WP_MEMORY_LIMIT value correctly in wp-config.php

WordPress developers: please stay away from WP_MEMORY_LIMIT and PHP memory_limit settings! We see this done wrong over and over in WordPress plugins and themes. One of such themes is the premium theme Jupiter by Artbees, or WPML as plugin. WordPress users: don’t touch these memory limitation settings either! They’re imposed for a reason. Here’s some explanation:

(more…)

By Jan Reilink, 12 months2 months ago

WordPress

The need for speed: Google dedicates engineering team to accelerate development of WordPress ecosystem

Search Engine Land writes that Google’s partnership with WordPress aims to jump-start the platform’s support of the latest web technologies — particularly those involving performance & mobile experience. And they’re hiring WordPress experts.

(more…)

By Jan Reilink, 1 year ago

WordPress Documentation

How to make Twenty Seventeen theme full width in WordPress

The default WordPress theme Twenty Seventeen’s content width can be easily changed to full width. All you need is this bit of CSS.

(more…)

By Jan Reilink, 2 years2 weeks ago

WordPress

Quiet WordPress 4.7 RC2 available

Helen Hou-Sandi writes on Make WordPress Core that there is a quiet RC2 now available – it is a fair number of commits (50+), so please take a look through those and test as you can.

By Jan Reilink, 2 years2 weeks ago

WordPress

Clear PHP opcode caches before WordPress Updates: ease the updating process

In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.

(more…)

By Jan Reilink, 2 years2 months ago

WordPress Optimization

Benchmarking WordPress, simple load & speed testing with ApacheBench

WordPress load testing with ApacheBench. ab is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.

(more…)

By Jan Reilink, 2 years1 year ago

WordPress Optimization

Measure WordPress loading time and queries

How to measure WordPress’ loading time and executed database queries? During an HTTP request, WordPress executes a lot of queries on your MySQL database. Not just the database queries take time, also loading and executing PHP takes time. How do you measure this?

(more…)

By Jan Reilink, 2 years1 year ago

WordPress Optimization

Tips to speed up WordPress, serve gzip compressed static HTML files

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

(more…)

By Jan Reilink, 2 years1 year ago

WordPress Security

WordPress advisory: Akal premium theme XSS vulnerability & abandonded

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

(more…)

By Jan Reilink, 3 years3 weeks ago

WordPress

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

(more…)

By Jan Reilink, 3 years1 month ago

WordPress

17+ Valuable WordPress snippets you never knew you couldn’t live without

Here are 17+ valuable WordPress snippets for a site-specific plugin and functions.php file that provides you a better WordPress experience. Enhance your WordPress site with these small PHP snippets: WordPress filters, actions and functions. Quickly add or extend the functionality you need for your WordPress website! Read on…

(more…)

By Jan Reilink, 3 years2 weeks ago

Security

Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.

(more…)

By Jan Reilink, 3 years2 years ago