There is a DoS vulnerability in all WP installations. It is hidden in the load-scripts.php and load-styles.php files. Their purpose is to combine scripts and styles in the administration to load the admin faster. You can ask them to combine a huge number of files; the result will be a huge load and it may … Continue reading WordPress CVE-2018-6389 – DoS
A VPN is a very important part of security. I prepared a set of scripts so that it is easy to run your own VPN server on a VPS. The scripts are available in my Cloud Tunnels repository. There are 3 types of technologies: IKEv2 VPN with StrongSwan and Let's Encrypt certificate (the best option); L2TP VPN server with … Continue reading VPN in clouds
I prepared a list of useful .htaccess examples for my WordCamp Brno talk (2017-10-21): https://gist.github.com/lynt-smitka/2f1f7288fb42646fdc41bccc67ceef81
Statistics from the Czech WordPress Environment 2017-08: Data from the original research.
Is it worth hiding the WordPress version? Does it enhance your security? I think the answer is NO. How to detect the WordPress version: readme.html; meta generator tag; RSS feed; wp-links-opml.php; Advanced Fingerprinting; query strings in install.php/upgrade.php (my own method). It is very hard to block all these ways and it protects you only from … Continue reading WordPress version: To hide or not to hide?
Tiny FTP server tailored for network administrators - set credentials, path and go.
Command line attributes:
  -u user       (user) login name
  -p password   (password) login pass
  -s            (start) autostart
  -d            (daemon) autostart and minimize
  path          directory with files
Example: mikroftp.exe -u user -p pass -d d:\ftp
Download (80kB)