Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.
Continue readingSysadmins of the North
Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security
Category: WordPress (page 2 of 3)
Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.
Continue readingHere are 17+ valuable WordPress snippets for site-specific plugins and functions.php to provide you a better WordPress experience. Enhance your WordPress site with these small PHP snippets: WordPress filters, actions and functions. Quickly add or extend the functionality you need for your WordPress website! Read on…
To regularly optimize my WordPress database tables, I created a small plugin that utilizes the WordPress Cron feature. This comes in handy to perform database optimization for WordPress on a regular basis, without forgetting about it. Just activate and enjoy. And here is the plugin code …
Continue readingThe WordPress WP-Super-Cache cache plugin doesn’t minify HTML cache files, which I find a disadvantage. Knowing minify libraries, I went looking for an existing solution (why reinvent the wheel?), and found one: WPSCMin. Read on …
Continue readingIn my WordPress multisite, I use one theme for three sites and a tracking code for analytics on my websites. Whether it is Google Analytics or Piwik doesn’t matter. Here is how you can conditionally add tracking codes to your WordPress Multisite: Use a condition in functions.php to add the tracking code for Piwik/Matomo Analytics or Google Analytics.
Or why *not* to add a delay … !
It is important to protect your WordPress website from brute-force attacks, and various security plugins exist in doing so. For the purpose of this article, I modified the WordPress Login Delay plugin with a fixed delay of three seconds for my wp-login.php page. This provides you with an easy to use method of protecting your WordPress login form (but do read the caveats!).
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on IIS enthusiast, so here is my web.config for your convenience (really, it’s not that special).
Continue readingTransposh Translation Filter is the translation filter for WordPress, Transposh helps you multi-lingualize your blog with ease by translating your posts automagically. Unfortunately, Transposh plugin doesn’t load over HTTPS, which is easy to fix…
Continue readingInstalling WordPress is one thing, keeping it up to date is something else. Each week brings new bugs or potential attack scenarios that will make a WordPress website vulnerable to hacks. Enabling automatic updates for all or at least most parts of WordPress solves a large number of problems with irregularly maintained WordPress websites.
The WordPress comment system can be a bless for your blog, because of the user interaction. However, when the WordPress comment option is abused by spammers, it becomes a real pain in the “@ss”. With thousands spam reactions, disabling -and removing- WordPress comments is the only way to go. Here is how to disable WordPress comments in both the WordPress Dashboard interface and in your MySQL database.
Continue readingHow to display WordPress tags with commas in them? Normally, in a WordPress post all tags are comma seperated: php, wordpress, functions.php. But what if you want to use a tag with commas in it? For instance cafe, bar, restaurants. Easy, create a filter in your WordPress functions.php, here is how.
How to change WordPress’ stylesheet URL with add_filter(). Just a quicky: To change the stylesheet URL in WordPress, to offload static content, put the following in your theme’s functions.php file:
How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail() function and send email using authenticated SMTP and StartTLS from WordPress.
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Popular posts
-
Remove IIS Server version HTTP Response Header
-
List all SPNs used in your Active Directory
-
Disk Cleanup in Windows Server
-
PowerShell return value, exit code, or ErrorLevel equivalent
-
5 Extra ways to clean up disk space in Windows Server
-
Tunnel RDP through SSH & PuTTY
-
Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1
-
"The length of the URL for this request exceeds the configured maxUrlLength value"
-
MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated!
-
WsusPool keeps crashing: stops again and again
Want to thank me?
If I’ve helped you out and you want to thank me, why not buy me a coffee?
Thank you
Proudly hosted by
© 2020 Sysadmins of the North
Theme by Anders Noren — Up ↑