You are here: Saotn.org » WordPress

WordPress

WordPress.org logo

WordPress Security, WordPress Help, and WP optimization and development. Run WordPress and your servers as efficiently and secure as possible. These articles provide a broad overview of WordPress security, optimization and developent with specific recommended approaches. This is of huge importance for every WordPress developer and website owner. Harden your WordPress website security with these valuable tips!

In the first place how to optimize WordPress performance on Windows Server IIS. Secondly how to use WordPress plugins for speed, optimization & security. Tips! And PHP and MySQL! After all this is everything we want.

Disable WordPress XCloner Plugin logger in MySQL / phpMyAdmin

If XCloner Logger option is enabled, it will store a log file inside the xcloner-XXXXX folder inside the backup archive. The file is named xcloner-xxxxx.log. This can generate a huge amount of temporary files and log files on your file system. This short article provides you one SQL statement to disable XCloner log directly in your WordPress MySQL database, using phpMyAdmin.

How to Fix Yoast SEO for WordPress DeleteDuplicateIndexables MySQL error

In recent days, there are a number of reports about broken Yoast SEO database operations, related to the DeleteDuplicateIndexables function. The PHP function is located in the file wordpress-seo\src\config\migrations\20200507054848_DeleteDuplicateIndexables.php, and in this post I’ll provide you with a possible fix for this statement. Read on.

Show the number of registered WordPress users in the At-a-Glance widget in the Dashboard

Count and display number of WordPress users in your Dashboard

Show the number of registered WordPress users in At-a-Glance widget

Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that’s what this little plugin does.

Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

Secure wp-content/uploads in Linux Apache and Windows Server IIS

It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how.

Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”

Whenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance of your WordPress website.

Automatically flush Redis cache after publishing a WordPress post

In a previous post I explained that clearing PHP opcode caches before WordPress Updates helps in streamlining the update process. WordPress updates no longer fail because of cached file locations. Did you know you can automatically flush opcode caches like Redis when you publishing a post or page in WordPress? Doing so ensures you and your visitors see the newly created content immediately.

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Increase WordPress’ memory limit WP_MEMORY_LIMIT properly in wp-config.php

How to increase the memory limit for your WordPress website, the right way.

The WordPress memory limit can be increased by the WP_MEMORY_LIMIT variable in wp-config.php. However, I see this done wrong over and over again in WordPress plugins and themes. In a worst case scenario this may even decrease the available amount of memory for WordPress! So be careful with the advice you follow. In this post I show you a correct way of setting WordPress WP_MEMORY_LIMIT and PHP memory_limit settings.

How to: Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Check WordPress Core files integrity

Verify WordPress Core files md5 checksums against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Clear PHP opcode caches before WordPress Updates: ease the updating process

In various hosting environments, WordPress core-, plugin- and theme updates sometimes fail because of enabled opcode caches. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches. Making your live a bit easier when updating WordPress Core, Plugins and Themes.