Friday, April 12, 2013

Update: Global Wordpress Attacks Still Going, but Muffled

Status Update: Global Wordpress Attacks

The global attacks on Wordpress sites (and now, other sites as well) are still going, although the Wordpress attacks themselves have been significantly mitigated by most web hosts as well as security services like CloudFlare through a combination of techniques specifically designed to combat this particular and unusually effective attack.

Thursday, April 11, 2013

Global Wordpress Brute-force Attacks

Your Wordpress site is under attack right now

Right now there is a very severe and global attack on all Wordpress sites on the Internet.

New status update on the Wordpress attacks as of 11pm Eastern time April 12, 2013.

UPDATE: It seems everyone is advising people to install either Limit Login Attempts or a Wordpress Security Plugin. DO NOT DO THIS. This will not only fail to block the attack, it could crash your server. These attacks come in too fast from too many IP addresses. Please follow this guide instead.

Update 2: Matt Mullenweg, the creator of Wordpress, has confirmed that plugins should NOT be used in this situation:

Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great
- from TheNextWeb: Brute force attacks on Wordpress continue...

Update 3: They are now providing the correct HTTP_REFERER value, so the htaccess blocking is not always effective.

This is not a joke or a hoax - your site is at risk and may be hacked and sending spam right now.

What all Wordpress site owners need to do right now on all sites

Thursday, March 28, 2013

HowTo: Read the MySQL Slow Query Log

How to read the MySQL Slow Query Log

If you followed along with the first post in our MySQL Optimization Series, you learned how to enable slow query logging on mysql and should have that turned on. (If not go ahead and follow the steps in that article now). Today we're going to take a look at how to read the slow query log and see what we can do with this data.

Saturday, March 23, 2013

Enabling the Slow Query Log in MySQL without service restart - Database Optimization Basics

This is the first article in a series on MySQL Database Optimization Basics. Subscribe to be notified when new articles are added!

Today we're going to cover how to log slow queries in mysql so that you can identify problems and refactor the correct queries in order to improve the performance of your website or application. Slow queries can cause errors when people use your website or application and having them will make your code difficult to scale. The first step toward fixing them is seeing which queries are slow in your code, so let's start by learning how to enable slow query logging without restarting the mysql service: