File inclusion vulnerabilities allow an attacker to read (and sometimes execute) files on the WordPress website, gain unauthorized access to sensitive information and inject malicious files through the “include” functionality. This can be very dangerous because if the webserver is misconfigured the attacker may gain access to sensitive user information and even execute arbitrary commands. There … Read full article →
Here is a snippet that allows you to set a custom image on the WordPress login page and set a custom link: Replace https://your-domain.com/wp-content/uploads/2023/custom-logo.png with your logo https://your-domain.com with your link
Here are some useful commands to clear cache from the terminal with wpcli: cdn_purge purge URLs from CDN and Varnish flush all flushes all cache related to W3TC (Page Cache, OC, DB Cache, Minify, etc.) flush page flushes pages cache only flush posts flushes both pages & posts cache flush database flushes DB cache flush … Read full article →
In this post, I will discuss the most realistic phishing popup that I’ve seen in years. These popups appear only on WordPress websites that use Cloudflare and can easily be mistaken with the original Cloudflare’s “sorry you have been blocked” screen. The post is divided in two sections: Analysis of the malware and malicious code … Read full article →
This is another neat feature that I needed but didn’t really want to use another plugin to accomplish it. To display user roles inside WordPress comments like on the image above ? use the following code snippet:
In this post I discussed an example where wp_options table had 900k rows of plugin-based data in it, causing the wp-admin dashboard to load slowly. As noted there, good coding practice is for each plugin to create its own database tables and use those instead of default WP tables. While the WordPress community actively improves … Read full article →
Welcome to the world of Blogging. 🎉🎉🎉 Blogging is a great way to express yourself, build a business, or share experiences. There are endless reasons that drive people to start blogs. No matter what your reason for beginning is, you can get your WordPress blog set up and running in five easy steps. 1. What’s … Read full article →
WordPress Missed Schedule error means that the Scheduled post was not published for some reason: There are a few possible reasons for the WordPress Missed Schedule Error: 12.12.2022 UPDATE: There is a bug in WordPress 6.1 that causes this error WordPress Timezone Settings WordPress Timezone Settings are located under Settings → General From there, make … Read full article →
Here are the most common types of WordPress malware attacks. Permanent malware eradication entails conducting a thorough investigation and determining the type of attack that occurred, how it occurred, and permanently closing that door. This is known as root cause analysis and vulnerability fix in the security world. 🔀 Cross-site scripting (XSS) The most regularly … Read full article →
To check if a plugin is active in WordPress, you can use if ( is_plugin_active( ‘plugin-directory/plugin-file.php’ ) ) { if ( is_plugin_active( ‘akismet/akismet.php’ ) ) { // plugin is active } else { // plugin is inactive } You can also use the get_plugins() function to retrieve all the plugins installed on the site and … Read full article →