You can find a few useful tiny mu-plugins in my example Nginx configuration for WP. Must-use plugins (a.k.a. mu-plugins) are plugins installed in a special directory inside the content folder and which are automatically enabled on all sites in the installation. Must-use plugins do not show in the default list of plugins on the Plugins page of wp-admin … Continue reading Useful WordPress mu-plugins
WordPress CVE-2018-6389 – DoS
There is a DoS vulnerability in all WP installations. It is hidden in the load-scripts.php and load-styles.php files. Their purpose is to combine scripts and styles in the administration to load the admin faster. You can ask them to combine a huge number of files; the result will be a huge load and it may … Continue reading WordPress CVE-2018-6389 – DoS
VPN in clouds
A VPN is a very important part of security. I prepared a set of scripts, so it is easy to run your own VPN server on a VPS. The scripts are available in my Cloud Tunnels repository. There are 3 types of technologies: IKEv2 VPN with StrongSwan and Let's Encrypt certificate (the best option); L2TP VPN server with … Continue reading VPN in clouds
.htaccess examples
I prepared a list of useful .htaccess examples for my WordCamp Brno talk (2017-10-21): https://gist.github.com/lynt-smitka/2f1f7288fb42646fdc41bccc67ceef81
Czech WordPress Environment
Statistics from the Czech WordPress Environment 2017-08: Data from the original research.
WordPress version: To hide or not to hide?
Is it worth hiding the WordPress version? Does it enhance your security? I think the answer is NO. How to detect the WordPress version: readme.html; meta generator tag; RSS feed; wp-links-opml.php; Advanced Fingerprinting; query strings in install.php/upgrade.php (my own method). It is very hard to block all these ways and it protects you only from … Continue reading WordPress version: To hide or not to hide?
WordCamp Praha 2017
Another edition of the largest Czech WordPress conference, WordCamp Praha 2017, is coming up. It will take place on Saturday 18.2.2017, traditionally on the premises of VŠE. I will give a talk there again, and as always it will be about security. A large part of it, however, will deal with performance and a little with usability: we will simply go through the most common mistakes that beginners … Continue reading WordCamp Praha 2017
MikroFTP
Tiny FTP server tailored for network administrators - set credentials, path and go. Command line attributes: -u user: (user) login name; -p password: (password) login pass; -s: (start) autostart; -d: (daemon) autostart and minimize; path: directory with files. Example: mikroftp.exe -u user -p pass -d d:\ftp Download (80kB)