Fatal error: Uncaught Error: [] operator not supported for strings - PHP 7.1
Protect WordPress from brute-force XML-RPC attacks
The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are also brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks while optionally still being able to use (some of) its functionality, like Jetpack? This post gives you some insights.
How to make Twenty Seventeen theme full width in WordPress
Check WordPress Core files integrity
Check WordPress integrity and verify WordPress Core files' md5 checksums against WordPress' checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you're not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.
The WinCache effect: Save with object caching
WordPress advisory: Akal premium theme XSS vulnerability
Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross-Site Scripting (XSS) vulnerability in the premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.
SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
Optimize WordPress MySQL tables through Cron, behind the scenes
HackRepair.com's Bad Bots .htaccess in web.config for IIS
Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager's File Screens
Using Windows Server File Server Resource Manager (FSRM) File Screens, you can block vulnerable WordPress plugins from being uploaded to your IIS web server. In the following example, you'll learn how to block the WP DB Backup plugin system-wide on Windows Server.