Umbraco logo blue

How to optimize Umbraco 8 performance

Learn how to optimize a site running Umbraco 8 with a Microsoft SQL Server database back-end.

Out of the box, Umbraco is a well built and pretty fast content management system. However, it is important you perform some steps to further optimize Umbraco’s performance and loading speed. Here on Sysadmins of the North, I wrote about 11+ tips to optimize Umbraco 7 CMS earlier, and in this post I write about implementing them in Umbraco 8.

Read more

3 Ways of blocking sendmail.php on IIS webserver

Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for this purpose, and here is how.

Read more

Disable Joomla Contacts component (com_contact) in MySQL / phpMyAdmin

How-to disable Joomla’s built-in contact forms component and its ability to send a copy to the sender, directly in your MySQL database using phpMyAdmin

Often the built-in Joomla contact forms component (com_contact) is abused by spammers. These contact forms allow the sender to receive a copy of the form contents. All spammers need to do is enter the email address of the target as sender/from. This way, anyone can use the Joomla contact form for spamming anyone. This short article explains how to disable and combat this.

Read more

Disable WordPress XCloner Plugin logger in MySQL / phpMyAdmin

If XCloner Logger option is enabled, it will store a log file inside the xcloner-XXXXX folder inside the backup archive. The file is named xcloner-xxxxx.log. This can generate a huge amount of temporary files and log files on your file system. This short article provides you one SQL statement to disable XCloner log directly in your WordPress MySQL database, using phpMyAdmin.

Read more

How to Fix Yoast SEO for WordPress DeleteDuplicateIndexables MySQL error

In recent days, there are a number of reports about broken Yoast SEO database operations, related to the DeleteDuplicateIndexables function. The PHP function is located in the file wordpress-seo\src\config\migrations\20200507054848_DeleteDuplicateIndexables.php, and in this post I’ll provide you with a possible fix for this statement. Read on.

Read more

Show the number of registered WordPress users in the At-a-Glance widget in the Dashboard

Count and display number of WordPress users in your Dashboard

Show the number of registered WordPress users in At-a-Glance widget

Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that’s what this little plugin does.

Read more

Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

Secure wp-content/uploads in Linux Apache and Windows Server IIS

It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how.

Read more

Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”

Whenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance of your WordPress website.

Read more

Automatically flush Redis cache after publishing a WordPress post

In a previous post I explained that clearing PHP opcode caches before WordPress Updates helps in streamlining the update process. WordPress updates no longer fail because of cached file locations. Did you know you can automatically flush opcode caches like Redis when you publishing a post or page in WordPress? Doing so ensures you and your visitors see the newly created content immediately.

Read more

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Read more

Loading time: 90 queries, 0.575 seconds using 13189336 bytes memory. Peak memory usage: 13603136 bytes.