How to move WordPress pages to the Domain Root

I have a WordPress blog on pcelarstvopejcic.com/blog and a few pages that I would like to move to the domain document root, so that: pcelarstvopejcic.com/blog/contact becomes pcelarstvopejcic.com/contact pcelarstvopejcic.com/blog/shop becomes pcelarstvopejcic.com/shop So this way I only have one WP installation and blog posts would be accessible via pcelarstvopejcic.com/blog/POST and pages in pcelarstvopejcic.com/PAGE To do this, edit … Read more

Install a WP-CLI Package

Packages can be installed to add functionality to WP-CLI, for example wp-cli/wp-super-cache-cli package will add functions for managing WP Super Cache plugin from the terminal. Here is a list of My favourite packages from the wp-cli/package-index: billerickson/wp-cli-plugin-install-missing install any plugins that are “active” but not installed binarygary/db-checkpoint create quick db snapshots for development purposes jaywood/jw-wpcli-random-posts … Read more

3 ways to Scan WordPress for Vulnerabilities

In this post, I will be using 3 free tools to scan WordPress websites for vulnerabilities. NAME PLATFORM HOW TO USE LIMITS WPScan Windows & Linux terminal free plan: 25 reports daily WPSEC website online free plan: 20 scans daily Burp Suite Windows & Linux application ∞ 1. From the terminal: WPScan If you have … Read more

Types of WordPress Malware Attacks and What They Do

Here are the most common types of WordPress malware attacks. Permanent malware eradication entails conducting a thorough investigation and determining the type of attack that occurred, how it occurred, and permanently closing that door. This is known as root cause analysis and vulnerability fix in the security world. 🔀 Cross-site scripting (XSS) The most regularly … Read more

Setup tab completions for WP-CLI

Tab completion is a useful time-saving feature of command line interfaces. To enable tab completion for WP-CLI We need to edit the ~/.bash_profile file. Step 1. In your home directory download WP-CLI tab completion file Step 2. Edit your ~/.bash_profile and add the following line: source ~/wp-completion.bash Save and exit. Step 3. Source the profile … Read more

WordPress to Gatsby on netlify

When migrating from WordPress CMS to another CMS there are a couple of ways to easily export all your posts and media files: GraphQL API for WordPress Convert WordPress to Markdown In this guide we will be using the WPGraphQL plugin and Netlify to deploy a Gatsby website. Step 1. Fork the gatsbyjs/gatsby-starter-wordpress-blog repo on … Read more

What is 🗄️ File inclusion and How to prevent WordPress file inclusion attacks

File inclusion vulnerabilities allow an attacker to read (and sometimes execute) files on the WordPress website, gain unauthorized access to sensitive information and inject malicious files through the “include” functionality. This can be very dangerous because if the webserver is misconfigured the attacker may gain access to sensitive user information and even execute arbitrary commands. There … Read more

Display template name in WP admin bar

Figuring out templates that are being used while you are building and developing a custom WordPress website can be problematic. Using the following snippets you can quickly and easily display template name or full path to the file in your wp-admin bar. Display Template name To display just template name add the following to functions.php … Read more

What is ℹ️ Data breach (information disclosure) and How to prevent WordPress information disclosure

Information disclosure, also known as data breach is the unintentional exposure of sensitive information. This sensitive information can be anything from technical information such as plugin versions or hosting plan limits, to users information that should not be made public. Information disclosure is not a hack but allows an attacker to obtain sensitive information that … Read more