Tags
Tagged with wordpress
- 8 min readwordpresssecurityoperations
Hardening every WordPress site on cPanel in one loop
A field-tested bash loop that walks every cPanel user, finds every WordPress install, and applies an idempotent hardening checklist with weekly drift detection.
- 14 min readoperationswordpressinfrastructure
Patchman activation breaks PHP sites: memory_limit gotcha
Patchman daily scans on cPanel push large WordPress sites past the PHP memory_limit and trigger 500s. Diagnostic flow, two-part fix, pre-activation audit.
- 8 min readwordpressoperationsinfrastructure
The corrupted WordPress db.php dropin nobody warned you of
WordPress says the DB connection is down but MySQL is fine, and only one site is affected. The cause is almost always a broken db.php dropin in wp-content.
- 14 min readwordpresssecurityinfrastructure
xmlrpc.php abuse and the 27-site one-shot fix on cPanel
A postmortem on 5,400 xmlrpc.php requests an hour from one /24, why per-site plugin fixes fail, and the shell loop that hardened 27 WordPress sites at once.
Three real WordPress compromises and how we found them
Three anonymised WordPress compromise postmortems on cPanel: a nulled Elementor Pro backdoor, a wp_options casino injection, and a six-week data exfiltration.
- 17 min readwordpressinfrastructure
WordPress WP-Cron stacking on cPanel: a complete fix
A 2026 postmortem on WordPress WP-Cron stacking on cPanel: 41 concurrent PHP-FPM children, the HTTP loopback that doubles load, and the three-layer fix.
- 2 min readwordpressoperations
Disable WP-Cron across every WordPress site on cPanel
An idempotent bash script that disables WP-Cron across every WordPress install on a cPanel server and replaces it with staggered system cron entries.