Category: Security
03/10/2020
How to sanitize and reset all WordPress user accounts with Linux shell scripting and wp-cli
Hello! There are several key best practices for dealing with security intrusions, including but not limited to restoring from backups on a clean server. In this article, I will be going over how to create an automated shell script that completes the following actions across multiple WordPress sites on your Linux server […]
03/26/2019
How to build a port scanner with JavaScript using React Native
Hello! Why bother writing a port scanner in JavaScript, you might ask? Well, JavaScript is many things, however the majority of its use is based on its original design to be synchronously executed in-browser using a single thread. Because of this, it becomes a challenge to write code outside of this original use case, though […]
11/02/2018
How to cache queries to admin-ajax.php in WordPress to improve performance
Hello! Working with WordPress for a while now, we noticed that many actions, whether administrative in nature or building a WordPress query on the front end, are dependent on the built-in admin-ajax.php or WordPress AJAX API. Since many 3rd party plugins depend on this AJAX API to dynamically push and pull data, it is unfortunately […]
09/13/2018
How to protect WordPress media files and only allow the users who uploaded them to view
Hello! In the past we have written about how to protect your WordPress media files. In the past exercises we utilized a strategy to set a session cookie with encrypted details that can be read and validated at the HTTP service (i.e. nginx) as well as application (PHP/WordPress) level. Since then we have refined this […]
06/27/2018
How to implement a government ID verification system with WooCommerce and WordPress
Hello! There are many reasons why your WooCommerce store may need a system to accommodate verifying the identity of your customers. Depending on what you're selling and the local or federal laws that are in place, having the identity […]
03/28/2018
#DeleteFacebook: How to poison, obfuscate and purge your Facebook data before deleting your account
* Update: Thank you Vice for writing an article about my script! Unfortunately it seems as though Facebook is actually blocking the ability for anyone to share the article. I wonder why? * Update 2: Facebook is now allowing the Vice article to be shared, only after about 24 hours of blocking the […]
02/07/2018
How to use Jenkins and Git to automate code pushes for your Laravel project
Hello! Recently we published guides on how to push WordPress sites with Jenkins or how to push WordPress sites with a simple shell script. We thought it might be useful to give an overview of how to streamline your code integration process with Jenkins, GitHub and Bash shell scripting. The script I will outline below […]
01/31/2018
How to craft an XSS payload to create an admin user in WordPress
Hello! XSS (or cross-site scripting) attacks are a common method to maliciously execute actions against a website installation. In particular this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload […]
12/19/2017
WordPress plugin to integrate Jenkins to streamline your build process
Hello! We love integrating Jenkins into development workflow. Typically Jenkins would be used for custom development projects to streamline the development “push” process in order to seamlessly integrate code changes from a testing / staging environment over to the live environment. For frameworks like Laravel or Django, this works very nicely. Until recently, we haven’t […]
08/31/2017
IP Address Reputation and intelligence plugin for WordPress
Hello! With WordPress security, there are many methods for hardening and tightening controls, methods for preventing common attack vectors including best practices from a development, systems administration and even 3rd party plugin perspective. Since the rising popularity of “IP Reputation Intelligence” with corporate networks and streaming services like Netflix, I thought it would be a […]