Clear PHP opcode caches before WordPress Updates: ease the updating process

In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.

Continue reading “Clear PHP opcode caches before WordPress Updates: ease the updating process”

The WinCache effect: Save with object caching

WinCache, or the Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension. I’ve described how to run PHP with WinCache on IIS in an earlier post.

Continue reading “The WinCache effect: Save with object caching”

Benchmarking WordPress, simple load & speed testing with ApacheBench

ApacheBench, or ab, is a small benchmark utility that comes with Apache. It’s a really simple HTTP load generating tool, ideal for a simple WordPress load & speed test. How fast does your WordPress site respond? How many HTTP requests per second can your server handle? These are questions on which ab can shed some light.

Continue reading “Benchmarking WordPress, simple load & speed testing with ApacheBench”

Tips to speed up WordPress, serve gzip comressed static HTML files

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

Continue reading “Tips to speed up WordPress, serve gzip comressed static HTML files”

WordPress advisory: Akal premium theme XSS vulnerability & abandonded

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a SQL injection Denial-of-Service in a later to be disclosed plugin. This post describes the Akal theme XSS vulnerability.

Continue reading “WordPress advisory: Akal premium theme XSS vulnerability & abandonded”

SSL in WordPress: how to move your WordPress site to HTTPS? The definitive guide

How to add SSL and HTTPS in your WordPress site, the definitive guide! Did you know that having an SSL certificate on your website is the de-facto standard nowadays? Google ranks sites having HTTPS -or an SSL certificate- higher in their SERP. But in WordPress, what do you need to do to set up and install an SSL certificate in your WordPress website? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading “SSL in WordPress: how to move your WordPress site to HTTPS? The definitive guide”

17 Valuable WordPress snippets you never knew you could live without

17 valuable WordPress snippets for a site-specific plugin and functions.php that give you a better WordPress experience. Enhance your WordPress site with these small PHP snippets: WordPress filters, actions and functions. Quickly add or extend the functionality you need for your WordPress website! Read on…

Continue reading “17 Valuable WordPress snippets you never knew you could live without”

Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.

Continue reading “Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all”

Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager’s File Screens

Using Windows Server File Server Resource Manager’s File Screens you can block vulnerable WordPress plugins from being saved on your IIS web server. In the following example, you’ll learn how to block WP DB Backup plugin system-wide on Windows Server, read on…

Continue reading “Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager’s File Screens”