UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress use GUIDs to identify each individual post, but use URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).
WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.
If you have someone’s public SSH key, you can use OpenSSL to safely encrypt a file and send it to them over an insecure connection (i.e. the internet). They can then use their private key to decrypt the file you sent. Continue reading “Encrypt and decrypt a file using SSH keys”
In your WordPress site, there are directories that include PHP files that visitors should never be able to access directly. They are only there for WordPress to function as an application that runs on your server. But because of WordPress’ directory and file structure, they are kind of accessible to the public. All of them are meant to be part of a larger application – WordPress, that is – and should not cause any harm if called directly – that we know. Some of the files execute some code even when ran standalone. An attacker might know of a clever way to make that code run in an unexpected manner, causing harm. To be on the safe side, we should deny access to all these PHP files from the outside world. Since we block access to them in our Nginx configuration, PHP will still run them as usual and WordPress will work just fine.
HHVM can really speed up your PHP-based web site. Most reports are somewhere in the range of 2–4x faster. Unfortunately, HHVM isn’t very stable and will suddenly die, just of the blue, from time to another. Fortunately, if you’re running Nginx it’s really easy to set up PHP-FPM as a fallback. Continue reading “Running HHVM with fallback to PHP-FPM”
OK, so you might have been at a WordCamp listening to talks or reading a few blog posts and you get that you should really get your WordPress site speed optimized. Starting all over isn’t either tempting nor something you have the time for. Don’t despair, you’ll get a long way by installing 5 plugins.
Continue reading “«Slap-on» speed optimization of your WordPress site”
I always run the latest LTS version of Ubuntu on all my servers. Unfortunately, the Nginx versions tend to be quite the bit behind the current release. So how do you get an updated, current version of without resorting to having to maintain the packages yourself? Luckily, the Nginx team have their own Ubuntu apt repository so it’s easy to keep current with the latest version of Nginx. Continue reading “Install latest version of Nginx on Ubuntu”
I always run the latest LTS version of Ubuntu on all my servers. Currently the latest LTS is 14.04 which comes with PHP version 5.5, but as of November 2014, the latest stable version is 5.6. So how do you get an updated, current version of PHP without resorting to having to maintain the packages yourself? The answer is in PPA. Continue reading “Install latest version of PHP on Ubuntu”
You have finished that WordPress site, and want to deploy it – move it from your test server to the production server where it goes live. But how? WordPress have a famous 5-minute-install, but there is no 5-minute-go-live-script*. I’ll show you how in these 5 easy-to-follow steps. Continue reading “Publishing WordPress site from development to production server – or moving your WordPress installation from one host to another”
If you have a static IP address, like from your own VPN, it is very easy to increase your security tremendously. Simply restrict all logins to that IP address.
Continue reading “Restricting access to WordPress login by IP address”