How does WordPress’s Recently Active Plugins list work? Recently Active lists inactive plugins that have been deactivated in the last 7 days. In wp-admin/plugins.php line 212 the option “recently_activated” gets updated if a plugin is deactivated: so the data is stored in the database table wp_options > recently_activated The option contains an associative array containing the path … Read full article →
Recently encountered a version of Gel4y Mini Shell that is not detectable by Imunify360 yet! Gel4y Mini Shell is a small PHP shell that has two notable features: 🔴 Compared to other PHP shells such as IDBTE4M BOT V87 Gel4y Mini Shell by Indonesian Darknet offers a lot fewer features: Source code: UPDATE: Imunify360 now … Read full article →
IDBTE4M BOT V87 is a PHP shell that has a rarely good mailer function which is hard to detect because it uses random [email protected] for sending SPAM: source code: when accessed publically the IDBTE4M BOT V87 shell gives a blank page, but with a POST request containing the random password, the shell looks like this: … Read full article →
Here is a simple WordPress plugin that will automatically add tags from the post title when saving posts. To use this plugin, simply copy and paste the code into a new file and save it as auto-tag.php in the wp-content/plugins directory of your WordPress site. Then, go to the Plugins page in the WordPress admin … Read full article →
Information disclosure, also known as data breach is the unintentional exposure of sensitive information. This sensitive information can be anything from technical information such as plugin versions or hosting plan limits, to users information that should not be made public. Information disclosure is not a hack but allows an attacker to obtain sensitive information that … Read full article →
In this post, I will discuss the most realistic phishing popup that I’ve seen in years. These popups appear only on WordPress websites that use Cloudflare and can easily be mistaken with the original Cloudflare’s “sorry you have been blocked” screen. The post is divided in two sections: Analysis of the malware and malicious code … Read full article →
WordPress uses the wp_commentmeta and wp_comments tables to store comments and their data. To delete all comments in WordPress simply empty those tables in the database: To delete all spam comments use: To delete all unapproved comments use: NOTE: In the above commands change wp_ prefix with the table prefix that you are using *(view … Read full article →
Many users choose to host their images on an external service to reduce the load on their hosting. If you are interested in doing this, you will only have to change the location of all the images that you have already uploaded. To do this, you need to make two SQL queries in your database: 1. … Read full article →
Since WordPress 5.3, a prompt asking to confirm the administration email address appears every six months when a user with an administrator role tries to access the wp-admin dashboard. This feature was introduced to make sure that the email address configured in Settings → General is active. When this screen is shown you have several options: But … Read full article →
We occasionally find ourselves in a situation where we need to test the website first, then point the domain name if everything is in order. To achieve this there are multiple ways: Edit Hosts file on your local computer Use online service such as skipDNS Access WordPress using temporary server URL In this guide We … Read full article →