Security Researcher 🔓

My name is Vladimir Smitka and I’m a security researcher/hobbyist from the Czech Republic. I specialize in WordPress security & performance and secure infrastructure for running websites. I do massive scans of the internet for my research. I’m also the owner of Lynt, a PPC agency, and Spirit Radar, a global service for tracking prices of rums and whiskies. I’m also an active member of the Czech WordPress community and one of the WordCamp Prague organizers. For a quick understanding of my approach, check out my WordCamp EU security talk.
Latest articles on bugs found, scan results and tips.
Akismet is fine, but I decided to write a simple WordPress comments antispam for research reasons. There are some proven methods to fight against spammy comments:
honeypot field “nick”, hidden by CSS – only bots will fill it
block comments with BB code [url=…]
HTTPBL (DNSBL) from http://www.projecthoneypot.org – you need an API key
Block comment…
You can find a few useful tiny mu-plugins in my example Nginx configuration for WP. Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin…
There is a DoS vulnerability in all WP installations. It is hidden in the load-scripts.php and load-styles.php files. Their purpose is to combine scripts and styles in the administration so the admin loads faster. You can ask them to combine a huge number of files; the result is a heavy load on the server, and it may…
VPN is a very important part of security. I prepared a set of scripts, so it is easy to run your own VPN server on a VPS. The scripts are available in my Cloud Tunnels repository. There are 3 types of technologies:
IKEv2 VPN with StrongSwan and a Let’s Encrypt certificate (the best option)
L2TP VPN server with…
I prepared a list of useful .htaccess examples for my WordCamp Brno talk (2017-10-21)…
Statistics from the Czech WordPress Environment 2017-08: Data from the original research.
Should you hide your WordPress version? Will it enhance the security of your site? Probably not! In this article you can read the reasons and learn a brand new method to determine the WP version.

The next edition of the largest Czech WordPress conference, WordCamp Praha 2017, is coming up. It will be held on Saturday 18.2.2017, traditionally on the premises of VŠE. I will again be giving a talk there, and as always it will be about security. A large part of it, however, will deal with performance and a little with usability: we will simply go through the most common mistakes that beginners…
Tiny FTP server tailored for network administrators: set credentials, path and go.
Command line attributes:
-u user (user) login name
-p password (password) login pass
-s (start) autostart
-d (daemon) autostart and minimize
path directory with files
Example: mikroftp.exe -u user -p pass -d d:\ftp
Download (80kB)