CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues

CMS Scanner is a security tool from Open Security crew that you can host locally and use for security scans of WordPress, Drupal, Joomla, and vBulletin websites.  I think that having an automated tool like that is way better and more productive than a thousand blog posts on how to secure your installation of a particular software.

Archiving web sites

LWN runs an interesting article, covering different ways of archiving a website.  It sounds trivial, but it’s not.  Even the simplest of ways – wget – will probably take you a few dozen attempts to figure out the following:

$ wget --mirror --execute robots=off --no-verbose --convert-links \
       --backup-converted --page-requisites --adjust-extension \
       --base=./ --directory-prefix=./ --span-hosts \
       --domains=www.example.com,example.com http://www.example.com/

There a few other interesting tools (like pywb) mentioned.

What’s something very few people know about PHP?

What’s something very few people know about PHP?” blog post (and Quora answer) provides some more impressive stats and links about the popularity of the PHP programming language.

This goes well with this recent post.

WordPress Configuration Cheat Sheet

WordPress Configuration Cheat Sheet” is a collection of about 10 tips for a more secure WordPress configuration file.  Obviously, not all of them can always be applied, but it’s a good idea to review your own settings once in a while and to disable unnecessary bits.

Instagram Importer works again!

After some digging around and troubleshooting, I managed to fix the DsgnWrks Instagram Importer WordPress plugin on my site.  It turns out quite a few people had an issue with it, which started back in September/October of last year (2017).  The solution, they say, is just to remove the authenticated Instagram user from the plugin settings, and add it again.  I’m not quite sure if that’s the only thing that helped, as I’ve adjusted quite a few other things all around (HAProxy timeouts, Nginx timeouts, PHP maximum execution time, etc).  But it seems like the right thing to start with.

Keep in mind that you should backup the current user’s settings for the plugin (screenshot or save the page as HTML or just copy-paste them somewhere), because they will be reset to the defaults when the user is re-added.

I have just now imported about 40 Instagram pictures that weren’t synchronized since the last September.  Enjoy!