Configuring Automatic Background Updates – WordPress

Update Types

Automatic background updates were introduced in WordPress 3.7 in an effort to promote better security, and to streamline the update experience overall. By default, only minor releases – such as for maintenance and security purposes – and translation file updates are enabled on most sites. In special cases, plugins and themes may be updated.

Read moreConfiguring Automatic Background Updates – WordPress

WordPress auto update config

1. disable FTP commands from config.php
2. add to config.php

// Update core
define( 'WP_AUTO_UPDATE_CORE', true );

optionally for Synology NAS

# reset chown for Synology user nobody
chown -R nobody:nobody /web/wordpress/dir

# reset files and folders chmod in /web/wordpress/dir
find . -type f -exec chmod 0644 {} \;
find . -type d -exec chmod 0755 {} \;

PHP / SQL data protection – anti SQL-Injection function

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
Injected SQL commands can alter SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:


How to protect

PHP functions

The function

//Blind SQL-INJECTION Escape sequence. Line codes anti SQL-Injection
function anti_injection($input){
return $clean;

How to use