Prevent PHP execution in wp-content/uploads

Prevent PHP Execution in wp-uploads and improve WordPress Security

When hackers are able to ascertain your WordPress credentials, there’s a good chance they’ll try to upload a backdoor into your WordPress website via the backend. A backdoor is a script, usually PHP, that allows them to perform actions on your website/webspace (such as creating malicious files, resetting permissions, …). So it is paramount to prevent PHP execution altogether. This way you can limit the actions a hacker can perform if your credentials do get compromised.

How to prevent PHP execution:

To ensure no .php files can be executed, I’d suggest you create a .htaccess file in /wp-content/uploads containing the following code:

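Added example, not part of the original post and not the .htaccess code it refers to: a Python check that walks an uploads directory, reports whether a `.htaccess` file is present in its root, and lists files whose names carry a PHP-handled extension anywhere in the extension chain. The extension list, the function names and the sample tree are assumptions constructed for this illustration.

```python
import os
import re
import tempfile

# Extensions commonly mapped to the PHP handler. This list is an assumption;
# match it to the handler configuration of your own server.
PHP_LIKE = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)

def audit_uploads(uploads_dir):
    """Report PHP-like files under uploads_dir and whether a root .htaccess exists."""
    report = {
        "htaccess_present": os.path.isfile(os.path.join(uploads_dir, ".htaccess")),
        "php_like": [],
    }
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            # Search the whole extension chain so "avatar.php.jpg" is flagged
            # as well as "cache.php".
            if PHP_LIKE.search(name):
                rel = os.path.relpath(os.path.join(root, name), uploads_dir)
                report["php_like"].append(rel.replace(os.sep, "/"))
    report["php_like"].sort()
    return report

def build_sample_tree():
    """Create a constructed uploads tree for demonstration (not real site data)."""
    base = tempfile.mkdtemp(prefix="uploads-")
    month = os.path.join(base, "2014", "10")
    os.makedirs(month)
    for name in ("photo.jpg", "report.pdf", "cache.php", "avatar.php.jpg"):
        with open(os.path.join(month, name), "w") as fh:
            fh.write("constructed sample\n")
    return base

if __name__ == "__main__":
    result = audit_uploads(build_sample_tree())
    if not result["htaccess_present"]:
        print("WARNING: no .htaccess in uploads root")
    for path in result["php_like"]:
        print("PHP-like file in uploads:", path)
```

Point `audit_uploads` at a real `wp-content/uploads` path to run the same check on a site; any hit in `php_like` deserves a manual look, since media uploads should not contain PHP.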

A WordPress guy goes to Drupalcon!

The past week I’ve attended Drupalcon in Amsterdam. As most of you know I’m quite active with WordPress, so going to Drupalcon was quite an experience. It seemed fitting to write a little review on my perception of Drupal 8 and its community.

First, a list of (most of) the sessions I attended:

  • The keynote by Dries Buytaert (also known as the Driesnote)
  • Turning Drupal into a machine for automated deployment
  • Deploying your sites with Drush
  • Getting content to a phone in less than 1000 ms
  • Understanding the building blocks of performance
  • A keynote by Cory Doctorow
  • Render caching in Drupal 7 and 8
  • New wave PHP
  • Building a multilingual, multidomain Drupal site
  • Drupal Lightning talks
  • An overview of the Drupal 8 plugin system
  • Building modern web apps with ember.js and headless Drupal
  • Closing session

So what’s different with most of the WordCamps:

I found Drupalcon to be an example of professionalism when it concerns the organisation and there’s a great diversity in the tracks (and a great number of simultaneous tracks). This is certainly something that can be improved by most WordCamps.
Sessions also tend to be longer, with an hour as the minimum duration and 1h15 on average. It gives the speaker the possibility to go in depth in his or her talk, something I would certainly appreciate in future WordCamps.

And what about Drupal 8?

I’ve used Drupal before I ever started using WordPress. I liked it back then and I like it now. But with Drupal 8, we can certainly state that Drupal has evolved. Bringing a fully responsive backend, improved APIs and much more, it’s a joy to work with. I’d urge all of you to try Drupal 8 beta 1 yourself.

Drupal 8’s community is great!

One thing I noticed quite immediately is that the Drupal 8 community consists of many more developers and contributors to the project than the average public on a WordCamp. These guys and girls are also super friendly and eager to help. Also, throughout the conference there were ongoing code sprints where you could learn to contribute to the Drupal project. These were mentored sessions, so any newbie could pitch in. I was even able to find an issue and open an issue in the tracker (https://www.drupal.org/node/2349581). I look forward to diving deeper in the world of Drupal once again!