Sep 23

WordPress’s popularity has made it a prime target for hackers. Each day countless self-hosted WordPress sites are damaged or taken down, usually by automated attacks exploiting known vulnerabilities.

Many WordPress site administrators only learn way too late about the important of pre-emptive security hardening after they have become victims of an attack and have suffered the consequences – loss of visitors, search engine ranking and damage to data.

Our Lead Developer Vladimir Lasky will be presenting the talk “Tips for Fixing a Hacked WordPress Site” at WordCamp Sydney 2016, to be held on the weekend of September 24 & 25 at the University of Technology Sydney (UTS) City Campus. Vlad’s talk will cover strategies and approaches to recovering compromised WordPress sites.

The presentation slides are available on SlideShare

Tags:

Sep 26

Our Lead Developer Vladimir Lasky will be presenting the talk “Make WordPress Fly With Virtual Server Hosting” at WordCamp Sydney 2014, to be held on the weekend of September 27 & 28 at the University of Technology Sydney (UTS) City Campus.

His talk advocates the benefits of moving a WordPress site from shared hosting to Virtual Private Server (VPS) hosting with information on:

  • How shared hosting environments limit the performance of a WordPress site
  • How VPS environments operate
  • Why pure SSD storage on a VPS is essential for good performance
  • The limitations and drawbacks of page caching, object caching and minifying plugins
  • Why all-in-one hosting control panels are evil
  • How PHP Opcode caching is the only true way to make WordPress run faster
  • How MySQL query caching dramatically speeds up communication between WordPress and MySQL
  • Tips on securing your VPS

Vlad presents an WordPress VPS-hosting approach designed to:

  • Not be radically different from a commonly-configured LAMP software environment
  • Avoid cache invalidation-related problems and minimise plugin incompatibilities
  • Ensure that everyone sees the most current state of your WordPress site
  • Ensure that logged in users and those working in the WordPress admin backend will also experience a speed increase

The presentation slides are available on SlideShare:

Sep 25

A major vulnerability has been found in the Bourne Again Shell (BASH) that it installed on most UNIX-based systems and this can be used to execute arbitrary code on vulnerable servers.

This vulnerability has been named “Shell Shock” and has been compared to the Heartbleed vulnerability in terms of its seriousness.

We strongly advise everyone who administers or uses a Linux/UNIX/OS X system to update their systems to the latest patched version of BASH that removes this vulnerability.

More Information:

Tags: ,

Apr 09

A severe vulnerability has been found in the OpenSSL library, widely used in UNIX-based web servers to implement support for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) that underpins all encrypted web browsing. Every time you access a URL with the “https://” prefix, you are using SSL or TLS.

OpenSSL versions 1.0.1 (released December 2011) to 1.0.1f are affected, with the vulnerability fixed in 1.0.1g.

The vulnerability allows an attacker to read up to 64kB of memory contents on the server. This can potentially expose privileged information including secret keys that underpin the encryption. An attack is especially dangerous as it leaves no trace in system logs.

The vulnerability has been nicknamed “Heartbleed”, as the bug is present within the heartbeat functionality of OpenSSL. The following popular Linux/BSD distributions are known to be affected:

Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2

If you are running one of these or a derivative, update your OpenSSL immediately to OpenSSL 1.0.1g, which can easily be done using standard package management tools e.g. yum and apt-get. After that, restart your web server.

To check if your web site or web server has the Heartbleed bug, you can use this online Heartbleed test tool:

http://filippo.io/Heartbleed/

For more information:

May 24
  • AussieWPExpert: Presentation slides from Vlad Lasky's WordCamp Melbourne 2013 talk "Beating Spam On Your WordPress Website": http://t.co/r4wV0Q1ulC #wcmelb

Apr 26
  • AussieWPExpert: This WordPress plugin lets you rename media files by updating their titles. URLs within posts are auto-updated: http://t.co/k0O9ulqIBe
  • AussieWPExpert: The Media Rename WordPress plugin allows you to easily rename (and retitle) your media files once uploaded – http://t.co/xHEwEEQUNE
  • AussieWPExpert: WordPress plugin AJAX Comment Loading, implements lazy loading for comments, making your site load faster – http://t.co/sCJXqdfzUL
  • AussieWPExpert: ManageWP: How to Boost WordPress Performance Drastically with Zend Optimizer+ – http://t.co/TcmLjgMHoi
  • AussieWPExpert: Lifehacker: Clever uses for Google's Reverse Image Search – http://t.co/RRMIkJ55IX

Apr 19

Apr 12
  • AussieWPExpert: This plugin provides a simple, flexible & powerful way to add jQuery UI widgets to WordPress posts, pages & widgets – http://t.co/r3mtQ5fpCX
  • AussieWPExpert: Lifehacker: Infogr.am Generates Beautiful Infographics From Custom Data – http://t.co/djoqvbfetM
  • AussieWPExpert: Blumenthals: Which Google+ HTML meta data should you use on your site – link 'rel=publisher' or 'rel=author' or both? http://t.co/h0TAXP3Xq7
  • AussieWPExpert: Lifehacker: The best ways to tweak your search when google doesn't give you what you want – http://t.co/bktmswGgG8
  • AussieWPExpert: Brief Blogs for Week Ending April 5, 2013 http://t.co/aDh25UhCa1

Apr 05

Mar 29
  • AussieWPExpert: Lifehacker: How to Build Your Own Syncing RSS Reader with Tiny Tiny RSS and Kick Google Reader to the Curb – http://t.co/F57Rl1RehV
  • AussieWPExpert: Morguefile – a source of free images/stock photos for illustration and design uses – http://t.co/Q1xl2enUsz
  • AussieWPExpert: Mihai Valentin's article on the use of template_redirect() to override WordPress's template handing algorithm – http://t.co/TmNHk96I8Y
  • AussieWPExpert: SpeckyBoy: WordPress Plugins to Help Make Your Site Responsive – http://t.co/3jwNlPJuKD
  • AussieWPExpert: Namaste! LMS is a Free
    Learning Management System
    For WordPress – http://t.co/v72zpO4q6Y
  • AussieWPExpert: WarriorForum: Interesting debate between Yoast and Stallion regarding WordPress SEO best practices – http://t.co/gNujB3OI9S
  • AussieWPExpert: Blogigs: 10 Free And Responsive WordPress Themes – http://t.co/l5eGp31cOw
  • AussieWPExpert: WebNetHosting: WordPress vs Joomla vs Drupal – CMS Popularity War –
    http://t.co/M7Ci1RiJwN
  • AussieWPExpert: SmartCompany: Top 10 tips for optimising adwords – http://t.co/r8uAzsx3Su
  • AussieWPExpert: Yoast's classic guide on structuring the headings on your WordPress blog for improved SEO – http://t.co/Ej12Uir8lY
  • AussieWPExpert: Brief Blogs for Week Ending March 22, 2013 http://t.co/m24m2COlTj

css.php