Recently encountered a version of Gel4y Mini Shell that is not detectable by Imunify360 yet! Gel4y Mini Shell is a small PHP shell that has two notable features: 🔴 Compared to other PHP shells such as IDBTE4M BOT V87 Gel4y Mini Shell by Indonesian Darknet offers a lot fewer features: Source code: UPDATE: Imunify360 now … Read full article →
This table displays the market share (in %) for each WordPress version of all the active WordPress websites on the internet. $(document).ready(function() { $.getJSON(‘https://api.wordpress.org/stats/wordpress/1.0/’) .done(function(resData) { var table_str = ‘ WordPress Version Usage (in %) ‘; $.each(resData, function(key, value){ table_str += ‘ ‘ + key + ‘ ‘ + value + ‘ ‘; }); table_str += … Read full article →
Posts are articles listed in reverse chronological order that are easy to read, share or comment on. While Pages primarily include static information about your organization, products or services, etc., they don’t usually have comment areas and share links. Posts can be more easily organized and used to interact with your audience, whereas pages are mostly … Read full article →
SQL (Structured Query Language) is a language that allows code to interact with databases. Injecting SQL commands into a vulnerable user input section on your WordPress website such as a contact form or search box is considered an SQL Injection attack. Depending on the actual SQL command, this could purge the database, send the data … Read full article →
When editing the menu in customizer the changes failed to save with the error message: Looks like something’s gone wrong. Wait a couple seconds, and then try again. And when inspecting the page the following error appears: POST http://plugins.club/wp-admin/admin-ajax.php 403 (Forbidden) The 403 error is caused by something blocking access to the file such as … Read full article →
After upgrading WP to 6.0 the Edit post page is blank with the following errors in Chrome dev tools: I’ve disabled all plugins and reverted to the default 2022 theme, but the problem continues. After examining the files in question, I discovered that they were being utilized by the Gutenberg editor, so I temporarily disabled … Read full article →
The most regularly seen attack type is script injection (XSS attack), rogue scripts are injected into the webpage for malicious purposes. This includes redirects to third-party websites, collecting user data, downloading malware to visitors, etc. WordPress has a bunch of useful developer functions that are used to sanitize data (Validating Sanitizing and Escaping User Data) … Read full article →
Deleting all inactive WordPress themes and plugins from your website is a recommended security practice. Even when deactivated, old, insecure plugins and themes might still pose a threat to the security of your WordPress website. Here are oneliners to remove inactive themes and plugins from your WordPress website using WP-CLI. List all inactive WordPress themes: Delete … Read full article →
Useful WP-CLI commands that I use when cleaning hacked WordPress websites in order to reinstall WP core, all themes, and plugins from WordPress.org
Here is a simple WordPress plugin that will automatically add tags from the post title when saving posts. To use this plugin, simply copy and paste the code into a new file and save it as auto-tag.php in the wp-content/plugins directory of your WordPress site. Then, go to the Plugins page in the WordPress admin … Read full article →