How to: Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post […]

Read More

Check WordPress Core files integrity

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this […]

Read More

Tips to speed up WordPress, serve gzip compressed static HTML files

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

Read More

How to optimize your WordPress hosting – 9+ practical tips

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimizing WordPress hosting post, I provide 9+ practical tips for you, to improve WordPress hosting performance. Especially useful if you plan to develop and host WordPress […]

Read More

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

How to add SSL and HTTPS in your WordPress site, the definitive guide! Did you know that having an SSL certificate on your website is the de-facto standard nowadays? Google ranks sites having HTTPS higher in their SERP. But in WordPress, what do you need to do to set up, enable and install an SSL certificate in your WordPress website? You’ll learn the important steps to move WordPress from http to https in this post.

Read More