Where the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up-to-date: Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!
Sysadmins of the North
Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security
Tag: WordPress (page 3 of 4)
The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on IIS web servers. It creates a web.config file for this purpose.
Continue readingInstalling WordPress is one thing, keeping it up to date is something else. Each week brings new bugs or potential attack scenarios that will make a WordPress website vulnerable to hacks. Enabling automatic updates for all or at least most parts of WordPress solves a large number of problems with irregularly maintained WordPress websites.
WordPress 4.2 is coming soon, and Boone Gorges writes on Make WordPress Core about WP_Query improvements for ‘orderby’ and ‘meta_query’:
How to display WordPress tags with commas in them? Normally, in a WordPress post all tags are comma seperated: php, wordpress, functions.php. But what if you want to use a tag with commas in it? For instance cafe, bar, restaurants. Easy, create a filter in your WordPress functions.php, here is how.
Learn how to replace content in your MySQL database in bulk with MySQL REPLACE. Sometimes it’s useful to know how to bulk edit content in your WordPress MySQL database, using MySQL’s REPLACE() function. Here is how to string replace content in WordPress wp_posts table to bulk edit WordPress posts through MySQL.
This post contains information on vulnerabilities for 7 (at least somewhat) popular WordPress plugins. All of these vulnerabilities were trivial to discover (and are trivial to fix). The state of WordPress plugin security is very sad indeed. None of the developers were contacted in advance of this post (except where otherwise noted). Additional vulnerabilities will be posted as time permits. WordPress Plugin Vulnerability Dump – Part 1
WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.
How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail() function and send email using authenticated SMTP and StartTLS from WordPress.
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Chmod.php, change file attributes with PHP, to make files read only or normally accessible on Windows IIS servers. Sometimes you need chmod to make files read only on your website, or make them normally accessible in case they already are read only. For instance Drupal’s settings.php configuration file, or WordPress Contact Form 7 temporary captcha files, are examples of read-only files.
If you run a WordPress blog where you display (parts of) source code, syntax highlighting is a must! It prettifies the code which makes it easier to read and it distinguishes code from text. However, most syntax highlighting is made available through plugins, and we all know too many plugins bring a lot of overhead to your blog.
This post provides links to some articles I found last week. The posts might be interesting in various fields of expertise, for either system administrators or developers (DevOps). Topics include: web security, WordPress performance, jQuery, ASP.NET MVC caching, partial trust, view state MAC, and fixing IIS website hangs.
How to reset a lost WordPress password: If you’ve lost or forgotten your WordPress admin password, you can easily reset the password. Either use the following MySQL statement to reset your WordPress admin password, or change it through functions.php.
An often heard solution to PHP cURL errors with SSL is to turn off CURLOPT_SSL_VERIFYPEER. Please don’t turn off CURLOPT_SSL_VERIFYPEER, but fix your PHP config instead. This article provides you with two solutions to solve CA certificate validation errors with PHP cURL and OpenSSL. For system administrators and end-users.
Want to say thanks?
Did you find a post interesting? Has a post helped you solve a problem? If I’ve helped you out and you want to thank me, why not buy me a coffee?
Thank you for your support.
© 2019 Sysadmins of the North
Theme by Anders Noren — Up ↑
Recent Comments