I have a WordPress blog on pcelarstvopejcic.com/blog and a few pages that I would like to move to the domain document root, so that: pcelarstvopejcic.com/blog/contact becomes pcelarstvopejcic.com/contact pcelarstvopejcic.com/blog/shop becomes pcelarstvopejcic.com/shop So this way I only have one WP installation and blog posts would be accessible via pcelarstvopejcic.com/blog/POST and pages in pcelarstvopejcic.com/PAGE To do this, edit … Read more
Packages can be installed to add functionality to WP-CLI, for example wp-cli/wp-super-cache-cli package will add functions for managing WP Super Cache plugin from the terminal. Here is a list of My favourite packages from the wp-cli/package-index: billerickson/wp-cli-plugin-install-missing install any plugins that are “active” but not installed binarygary/db-checkpoint create quick db snapshots for development purposes jaywood/jw-wpcli-random-posts … Read more
In this post, I will be using 3 free tools to scan WordPress websites for vulnerabilities. NAME PLATFORM HOW TO USE LIMITS WPScan Windows & Linux terminal free plan: 25 reports daily WPSEC website online free plan: 20 scans daily Burp Suite Windows & Linux application ∞ 1. From the terminal: WPScan If you have … Read more
Here are the most common types of WordPress malware attacks. Permanent malware eradication entails conducting a thorough investigation and determining the type of attack that occurred, how it occurred, and permanently closing that door. This is known as root cause analysis and vulnerability fix in the security world. 🔀 Cross-site scripting (XSS) The most regularly … Read more
Tab completion is a useful time-saving feature of command line interfaces. To enable tab completion for WP-CLI We need to edit the ~/.bash_profile file. Step 1. In your home directory download WP-CLI tab completion file Step 2. Edit your ~/.bash_profile and add the following line: source ~/wp-completion.bash Save and exit. Step 3. Source the profile … Read more
When migrating from WordPress CMS to another CMS there are a couple of ways to easily export all your posts and media files: GraphQL API for WordPress Convert WordPress to Markdown In this guide we will be using the WPGraphQL plugin and Netlify to deploy a Gatsby website. Step 1. Fork the gatsbyjs/gatsby-starter-wordpress-blog repo on … Read more
File inclusion vulnerabilities allow an attacker to read (and sometimes execute) files on the WordPress website, gain unauthorized access to sensitive information and inject malicious files through the “include” functionality. This can be very dangerous because if the webserver is misconfigured the attacker may gain access to sensitive user information and even execute arbitrary commands. There … Read more
Figuring out templates that are being used while you are building and developing a custom WordPress website can be problematic. Using the following snippets you can quickly and easily display template name or full path to the file in your wp-admin bar. Display Template name To display just template name add the following to functions.php … Read more
Cross-Site Request Forgery (CSRF) is an attack that forces logged-in users to submit a request to a WordPress website where they are currently authenticated. CSRF attacks exploit the trust a WordPress website has in an authenticated user. CSRF attacks are aimed at your WordPress website users to make them do various actions on your website: … Read more
Information disclosure, also known as data breach is the unintentional exposure of sensitive information. This sensitive information can be anything from technical information such as plugin versions or hosting plan limits, to users information that should not be made public. Information disclosure is not a hack but allows an attacker to obtain sensitive information that … Read more