MYSQL Archives | Animated Creativity

The one SQL query that catches almost every backdoor admin in WordPress

November 24, 2025 by admin

Close-up of WordPress JavaScript source code displaying themes:update functions and wp.updates handlers — typical view when auditing WordPress code (photo: Markus Spiske / Pexels)

If a WordPress site of yours has been compromised — even briefly, even silently — there’s a very good chance it now has at least one administrator account that you didn’t create. Most WP malware families plant one as part …

Get WordPress off MySQL root: per-site users in one Python loop

September 6, 2025 by admin

A single key resting in a locker door, symbolizing per-site database credentials with no shared master key (photo: Jakub Zerdzicki / Pexels)

If you run more than one WordPress site on a single server and every wp-config.php has DB_USER = 'root', your eight sites are effectively one site as far as a compromise is concerned. One vulnerable plugin on any of …

Recovering a malformed wp_options.active_plugins: the SQL REPLACE() trap and how to rebuild

January 2, 2025 by admin

A nearly-complete white jigsaw puzzle with one piece sitting outside its slot, exposing the blue surface beneath — visual metaphor for one wrong byte breaking the whole serialized array (photo: Mike Van Schoonderwalt / Pexels)

You have a WordPress site that’s returning HTTP 200, the homepage renders, but something’s quietly off. WooCommerce features aren’t loading. LiteSpeed Cache settings page is empty. The Mailpoet sender isn’t sending. None of these would normally fail at the same …

The wp_options.siteurl hijack: how a one-row UPDATE redirects every visitor and how to spot it before Google does

December 27, 2024 by

Metal directional arrow plate on a wooden floor — photo by Max Laurell on Pexels

One of the simplest, oldest, and still most effective WordPress compromises is a single SQL update. The attacker gets one query into your database — through any RCE, SQLi, or stolen-credential path — and runs:

UPDATE wp_options
   SET option_value =

…

Wordfence forensics: mining wp_wfhits and wp_wfissues to reconstruct a breach timeline

September 18, 2024 by admin

Top-down view of two detectives examining black-and-white photos and fingerprint cards on a desk — visual metaphor for piecing together a breach timeline from log evidence (photo: RDNE / Pexels)

If you’re cleaning up a WordPress compromise and the site has Wordfence installed, you have more forensic data than you think. Even on the free plan, Wordfence quietly logs every blocked request, every plugin-vulnerability advisory, every flagged file, and every …

How to install LAMP on Ubuntu with PHP-FPM

September 29, 2017 by admin

Tested this on a lot of servers already before writing this post. I needed to move from SquareSpace to Vultr VPS, so this post is from that.

This is what I am using…

Server: Ubuntu 14.04

Memory: 512MB

CPU: 1 …