wordpress (Page 2)

Fatal error: Uncaught Error: [] operator not supported for strings - PHP 7.1

With PHP 7.1, some PHP web applications fail because of deprecated code usage. This may result in an error message like `[] operator not supported for strings` for various Joomla, WordPress and Drupal components. Here's how to fix this code for PHP 7.1+.

Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.

Read more...

How to make Twenty Seventeen theme full width in WordPress

The default WordPress theme Twenty Seventeen's content width can be easily changed to full width. All you need is this bit of CSS. To make Twenty Seventeen full width in WordPress, add the following CSS to your theme's CSS file, or in Customizer's Additional CSS.

Check WordPress Core files integrity

Check WordPress integrity and verify WordPress Core files' md5 checksums against WordPress' checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you're not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Read more...

The WinCache effect: Save with object caching

WinCache, or Windows Cache Extension for PHP, is a PHP accelerator that is used to significantly increase the speed of PHP applications running on Windows Server IIS. Besides increasing the speed of PHP applications, WinCache decreases CPU usage making it a win win situation extension.

WordPress advisory: Akal premium theme XSS vulnerability

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

Read more...

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You'll learn the important steps to move WordPress from http to https in this post.

Optimize WordPress MySQL tables through Cron, behind the scenes

To regularly optimize my WordPress database tables, I created a small plugin that utilizes the WordPress Cron feature. This comes in handy to perform database optimization for WordPress on a regular basis, without forgetting about it. Just activate and enjoy. And here is the plugin code.

HackRepair.com's Bad Bots .htaccess in web.config for IIS

Learn to protect your WordPress website with this web.config file

Deny vulnerable WordPress plugins using Windows Server File Server Resource Manager's File Screens

Using Windows Server File Server Resource Manager (FSRM) File Screens you can block vulnerable WordPress plugins from being uploaded to your IIS web server. In the following example, you'll learn how to block WP DB Backup plugin system-wide on Windows Server, read on...

Read more...

windows-server (95) iis (80) powershell (76) php (54) wordpress (43) mysql (36) windows (34) performance (28) linux (23) web.config (23) Website (22) htaccess (20) aspnet (19) url-rewrite-module (19) sql-server (18) bash (18) optimization (18) ssl (17) plugin (13) windows-10 (12) devops (11) monitoring (11) security (10) gnu-linux (10) appcmd (10) wsl (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-update (8) opcache (8) openssh (7) database (7) dism (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) functions-php (6) classic-asp (6) ddos (6) password (5) email (5) active-directory (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) umbraco (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) sql-injection (3) openssl (2) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) denial-of-service (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) Prianha-CMS (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) kms (1) red-hat (1) varnish-cache (1) elasticsearch (1) dhcp (1) jquery (1)