Tutorials Archives | Page 2 of 3 | Animated Creativity

Block PHP execution in wp-content/uploads on OpenLiteSpeed: the right .htaccess snippet

November 27, 2024 by admin

Computer monitor displaying terminal output: system metrics, file listings, and kernel error messages — typical sysadmin view (photo: Tima Miroshnichenko)

wp-content/uploads/ is the most predictable target on a WordPress install. It’s writable by the web server (so any compromise that gets a file uploaded lands here), it’s almost never inspected by malware scanners with the same vigilance as wp-includes/, …

Hide the OpenLiteSpeed admin panel: bind 7080 to 127.0.0.1 + reach it via SSH tunnel

November 4, 2024 by admin

Linux ls -la output showing /bin, /boot, /etc, /home, /lib, /sbin and other root directories — typical first view after SSHing into a server (photo: Pixabay / Pexels)

OpenLiteSpeed’s admin panel runs on port 7080 by default and binds to *. That means anyone with your server’s IP can hit https://your-ip:7080/ and reach the admin login form. The form has authentication, sure — but having a login …

Universal Control between Mac and iPad: a working setup, and the diagnostic commands when it stops

October 31, 2024 by admin

An iMac, a MacBook Pro, and an iPad arranged together on a wooden desk with a Magic Keyboard and Magic Mouse — typical multi-Apple-device workspace where Universal Control matters (photo: Pixabay / Pexels)

Universal Control is one of the more genuinely magical things macOS does — slide your cursor off the right edge of your Mac and it appears on your iPad, you keep typing without changing keyboards, you drag a file across …

The .hph extension trick: how WordPress malware survives cleanups by shadowing .php files

October 19, 2024 by admin

Four nearly identical white binders standing in a wooden box, suggesting how easy it is to overlook a slightly differently-named file in a directory listing (photo: Mateusz Dach / Pexels)

You clean a WordPress malware infection. You find every .php file with the suspicious signature, quarantine it, restore from backup, harden the site. Three weeks later the same backdoor is back. Same filename, same content, same behavior. You’re sure you …

Patching abandoned WordPress themes for PHP 8: the widget constructor fix

October 18, 2024 by admin

Laptop displaying a code editor with class hierarchy panel and method documentation tooltip — typical view when reading inherited legacy code (photo: DKomov / Pexels)

You upgrade an OpenLiteSpeed box from PHP 7.4 to PHP 8.2, the four sites running mainstream themes come up clean, and the fifth — running a 2013-era premium theme that hasn’t been touched by its author since 2018 — throws …

Wordfence forensics: mining wp_wfhits and wp_wfissues to reconstruct a breach timeline

September 18, 2024 by admin

Top-down view of two detectives examining black-and-white photos and fingerprint cards on a desk — visual metaphor for piecing together a breach timeline from log evidence (photo: RDNE / Pexels)

If you’re cleaning up a WordPress compromise and the site has Wordfence installed, you have more forensic data than you think. Even on the free plan, Wordfence quietly logs every blocked request, every plugin-vulnerability advisory, every flagged file, and every …

Keep tmux sessions alive across Mac sleep + Wi-Fi changes: ServerAliveInterval vs autossh vs mosh

September 8, 2024 by admin

A hand resting on a laptop keyboard outdoors at a wooden table with trees in the background — visual for the 'close lid, move, reopen, reconnect' workflow that mosh and autossh are designed to make seamless (photo: Jose Hermes Furtunato / Pexels)

You SSH into a server, start a long-running build inside tmux, close the laptop lid to walk to lunch, come back fifteen minutes later — and your terminal greets you with Connection to server.example.com closed by remote host. The …

macOS launchd: the actual replacement for cron when you want a recurring task on your Mac

August 22, 2024 by admin

Vintage black twin-bell alarm clock next to a blank notebook on a colorful background of scattered wooden numbers — visual for time-based scheduled tasks (photo: Black Ice / Pexels)

You write a Python script that needs to run every fifteen minutes on your Mac. You add a line to crontab -e, save, walk away. Two days later you check and notice it never ran. The cron file is …

Detecting and cleaning the DOLLY WordPress mu-plugin backdoor

August 14, 2024 by admin

Hooded figure with neon mask holding tablet displaying 'Uploading Virus' progress bar — visualizing the DOLLY WordPress mu-plugin backdoor exfiltrating credentials

Last week I cleaned a six-site WordPress compromise on one of my OpenLiteSpeed boxes. The most interesting payload was the “DOLLY” mu-plugin family — a credential-harvesting backdoor that hides itself with a few clever tricks and survives most casual cleanups …

Rotating WordPress salts as incident response: the step everyone skips

July 23, 2024 by admin

Close-up of a metal combination lock with rotating numeric dials — visual metaphor for rotating WordPress salts to a new secret combination (photo: Felix Moeller / Pexels)

You’ve cleaned the malware files, deleted the backdoor admin accounts, rotated everyone’s password. The site is fine, you’re fine. Three weeks later someone logs in with a session cookie they grabbed during the compromise window and creates a fresh admin …