Category: wordpress

xmlrpc.php is only in use, if the user uses the wordpress app. if the app is not used, it would be wise to disable this file, because it is frequent target of brute force (trying out a billion passwords) attacks, […]

correct if wrong but… checkout this picture, just uploaded to this self-hosted wordpress instance recently: it “suddenly” and without consent it also exists on this server i2.wp.com, the “cool” wordpress CDN, that is supposed to speed up loading time of […]

automatic (daily, hourly?) updates of everything internet-reachable is important. of course developers need to provide timely updates for possible cybersec problems users/admins need working update methods that work with minimum downtime the wordpress “automatic core and plugin auto-updates” feature, has […]

will be redone soon

Yes! RSS (“Really Simple Syndication“) FEEDs are still a very practical thing to follow certain websites & blogs & news outlets & aggregators & stay current on those platforms. Instead of letting big media outlets shovel news indiscriminately down the […]

“First Things First” “Welcome.” “WordPress is a very special project to me.” “Every developer and contributor adds something unique to the mix, and together we create something beautiful that I’m proud to be a part of.” “Thousands of hours have […]

everyone wants a functional website is secure loads within max 10sec (absolute maximum imho) that actually works (menu is working, links not dead…) is rich in high quality content can be found via search engines a beautiful website (but not […]

setup LAMP GNU-Linux Apache2 MariaDB PHP7.3 su – root; # become root apt update; # update system to latest apt upgrade; # database first apt install mariadb-server mariadb-client # set root pwd for database (can be root on dev test […]

1×× Informational 100 Continue 101 Switching Protocols 102 Processing 2×× Success 200 OK 201 Created 202 Accepted 203 Non-authoritative Information 204 No Content 205 Reset Content 206 Partial Content 207 Multi-Status 208 Already Reported 226 IM Used 3×× Redirection 300 […]

lately this blog gets bombarded with queries like these: which decoded are Korean SPAM? which translates as: iptables / firewalld seem not to work and have to really really figure out why. until then this is a little workaround, it […]

list of RSS feeds that might be interesting 😀 RSS-Feeds are files.xml, which are auto-generated by CMS like WordPress. It can be subscribed to with an RSS-Client Software. Thunderbird (the Mail program) for example (tested on version 60.6.4 and above) […]

WARNING! BACKUP YOUR MACHINE! UNTESTED! before running this script change to your new web root: /home/UserName/web/domain.com/public_html then run it like /scripts/install_wordpress.sh it tries to: download and unpack the latest wordpress into the current directory disable xmlrpc.php disable wp-cron.php requirements: a […]

FTP->SFTP now! first things first: ABANDON FTP IT IS INSECURE AND WILL TRANSFER YOUR PASSWORDS AND FILES IN CLEAR TEXT OVER THE INTERNET! MOVE TO SFTP (FTP OVER SSH) with strong passwords! if you run your own server – disable […]

WARNING! central VestaCP software vendor was hacked in 2018 not sure if they fixed the problem and continue VestaCP development (a shame, it was really a very very nice web based gui to admin web and mailsevers) 1. check what […]

as a wordpress blogger and maintainer of knowle bases, you probably come accross this problem… you have 3x posts of different quality about the same problem. and you want to redirect 2x posts of bad quality to the 1x of […]

While the “blocks” model makes sense for mobile layouts and contents – i found it pretty sluggish on the desktop for “quickly” updating this or that blog post and decided: i would like to have the old editor back – […]

“In the world of Information Technology, change is constant, compliance is inevitable, adaptability is required” i would add: “resistance is futile” “In the world of Information Technology, change is constant, compliance is inevitable, adaptability is required; therefore, staying one-step ahead […]

By the amount of commentary SPAM i get on WordPress using Google’s ReCaptcha… it wonder if i shut just disable comments all together (kind of what Anti Spam Bee did… it was impossible for me to comment on my own […]

while fencing of DDoS is a science of itself, a little .htaccess can help provide additional security: https://dwaves.de/2019/03/04/how-to-htaccess-limit-wordpress-searches/ in my opinion this is just plain stupid… luckily fail2ban is realitvely fast in stopping those attacks… but they also put strain […]

DDoS attacks are nasty stuff. Even such simple programs as – autobench – Automates the benchmarking of web servers using httperf – can sufficiently choke a webserver by spawning hundreds and thousands of mysql processes – exhausting all resources of […]

https://sourceforge.net/projects/wincachegrind/

There are legitimate crawlers out there from google, yahoo, yandex & co trying to update their RAM-held databases of news from your site (a sitemap.xml generated by google-xml-plugin can help there). But there are also evil mail-address-collecting bots that are […]

The original part of Facebook Buttons automatically send information about website visitors to the social network. (without consent) You do not even need to click on any button for this to happen. This happens already when requesting the page in […]

update: 2018.04 PaleMoon archive Server HACKED! “A malicious party gained access to the at the time Windows-based archive server” (src) oh gosh! ? GO USE CENTOS DEBIAN AND LATEST KERNEL NOW! “malware dropper tracked by ESET as Win32/ClipBanker.DY” (steals bitcoins) […]

i really like wordpress… this blog is using it. what i don’t like if things become tooo “automatic”. including fonts and scripts from external sources (google) that can be changed/updated/modified anytime… they could smuggle surveillance code into a billion wordpress […]

This is caused by this Plugin Black Studio TinyMCE Widget -> which is used by PageBuilder it adds a nasty <p> in front and back of everything you enter… <p>[masterslider id=”15″]</p><h1 style=”text-align… unless you uncheck this:    

DOES NOT WORK WITH WOOCOMMERCE-SHOP!!!! -> if you need that look here. If you have woocommerce installed check out this: https://wordpress.org/plugins/wp-migrate-db/ (UNTESTED! PRO IS 90USD) If you do not have woocommerce installed, but SiteOrigin’s PageBuilder: All kinds of manual database […]

“Instead, you could export a copy of your database (as an .sql file) using phpMyAdmin or the command line, run a find and replace on it to update URLs and file paths, then import it into your local environment using phpMyAdmin […]

now come the downside of the blog-software wordperss: Custom Menus. Good: You can arrange Menu items through the backend (Dashboard -> Design -> Menu -> Create new Menu -> Add Links, Categories, Pages, Posts… whatever you want) but to design-div-wise […]

create new file: /wp-content/themes/yourtheme-child/master-slider.read.php [cc lang=”php” escaped=”true” width=”600″] [/cc]