It is near end of 2025 and honestly it is the best time to give your WordPress site a full checkup before jumping into 2026.

So many website owners skip year-end maintenance and end up with problems like security issues, slow loading, or broken features that could have been avoided (including me).

This checklist is here to help you focus on the most important things to do before 2026 starts.

You’ll see which updates to do first, how to protect your site from hackers (my blog got hacked several times already, yikes!), and some easy steps to make your site faster for the new year.

Key Takeaways

• Year-end maintenance helps you avoid security and performance headaches next year
• Key tasks: update plugins, check backups, and clean up your database
• Doing this now saves you time and money later

Essential Year-End WordPress Maintenance Tasks

Year-end maintenance is all about four main things: updating your site, cleaning your database, making sure you have backups, and tightening up your WordPress site security.

Update WordPress Core, Themes, and Plugins

WordPress core updates give you security fixes and new features.

But before you update, make sure your current setup supports PHP 8.0 or above because most hosting companies require it now.

Update Process:

1. Core Updates – Go to Dashboard > Updates and hit “Update Now”
2. Theme Updates – Go to Appearance > Themes and update what’s available
3. Plugin Updates – Visit Plugins > Installed Plugins and update each one

Always update in this order: WordPress core first, then themes, then plugins.

This helps to avoid weird compatibility issues.

After each big update, always test your site.

Check important pages like your homepage, contact forms, and if you have an online shop, your checkout page too.

Optimise Database and Remove Unused Data

Your WordPress database collects a lot of “garbage” over the year.

This includes spam comments, old post revisions, and expired cache stuff that can slow things down.

Database Cleaning Tasks:

• Delete spam and pending comments from the last 12 months
• Remove post revisions older than 6 months (keep a few recent ones)
• Clear expired transients and cached data
• Delete unused media files and broken images

Use plugins like WP-Optimize to automate this cleaning job.

They can shrink your database size by a lot, sometimes 20-40%!

After cleaning, run a database optimisation.

This just helps your site run smoother and faster.

Back Up Site and Test Restore Functionality

Backups are your lifesaver.

You need a backup of your database, media files, themes, plugins, and all your settings before the new year.

Backup Components:

Use backup plugins like UpdraftPlus, or whatever your host provides.

Keep copies in different places—Google Drive, Dropbox, Amazon S3—just don’t put all your eggs in one basket.

Then, make sure to test your backup file by restoring it on a staging site.

Better to find out now if something’s wrong with your backup, not when you’re panicking later.

Review Security Settings and Scan for Malware

Security threats go up during the holidays because people pay less attention.

December and January usually see a lot more malware attempts, so don’t take chances.

Security Checklist:

• Change admin passwords to something strong—at least 12 characters (or you can use 1Password to keep track your password)
• Turn on two-factor authentication for admin accounts
• Update your security plugins like Wordfence or Sucuri
• Run a full malware scan on your site

Check your user accounts and remove anyone who hasn’t logged in all year. Only give admin access to people who really need it.

Look at failed login attempts for the past month. If you see the same IP failing again and again, block it with your security plugin or at the server level.

Don’t forget to check your SSL certificates. If they expire soon, renew them so your site stays secure.

Advanced Preparation for 2026

Before 2026 rolls in, it’s good to make your site faster, secure your users, and set up some automated routines so you don’t have to stress all year.

Test Website Speed and Performance

Your site’s speed really matters for your visitors and your Google ranking. Run speed tests with GTmetrix, Pingdom, or Google PageSpeed Insights to see how your site is doing.

Check your Core Web Vitals in Google Search Console. Look at LCP, FID, and CLS scores to spot any issues.

Test from different locations and devices. Mobile and desktop speeds can be quite different. And yes, it is good if your website is mobile responsive.

Key areas to check:

• Image sizes and formats
• Which plugins slow things down
• Database query speed
• Caching setup

Optimise images by switching to WebP and turn on lazy loading. If any plugin is making your site slow, find a better one or remove it.

If your server response time is always over 200ms, maybe it’s time to upgrade your hosting plan. Good hosting can make a big difference for your site’s speed.

I personally use hosting from ServerFreak. The price is not that expensive, their supports are responsive and the hosting is very reliable.

Set Up Scheduled Maintenance for the New Year

Automate as much as you can for 2026 so you don’t have to do everything by hand such as set up automatic updates for WordPress core, themes, and trusted plugins during your site’s quiet hours.

Schedule weekly database cleanups with plugins like WP-Optimize and let them handle junk data for you.

Essential scheduled tasks:

• Daily: Security scans and backups
• Weekly: Database cleanup and broken link checks
• Monthly: Performance checks and plugin reviews

Set your backups to run daily and keep copies on your computer and in the cloud. Test restoring your backup before you actually need it.

Use uptime monitoring tools like UptimeRobot to get alerts if your site goes down. It’s free for basic monitoring and gives you peace of mind.

Doing this year-end maintenance might take a bit of time, but it’s worth it. A cleaner, faster, and more secure site will help you start 2026 with confidence.

You don’t need to rush — do one step per day if you want. The important thing is that your site is prepared, protected, and ready to grow next year.

The post Year-End WordPress Maintenance Checklist: Essential Tasks to Complete Before 2026 appeared first on CypherHackz.Net.

The promotion is here and will be gone in a few days.

Get your .MY domain now with only RM1 by 12 December 2024 at Exabytes.

This promotion is only applicable for new .MY domain registration for 1 year and will renew with the full price which is RM139 a year.

If you have budget, you can buy for 5 years straight and the price will be RM445 in total (RM89 per year).

And for your info, as of 13th June 2024, global users can now register . MY domain through renowned global registrars.

It is no longer exclusively for Malaysian.

So you better get your .MY domain quick before someone else grabbed it from you.

The post Get your .MY domain for only RM1 appeared first on CypherHackz.Net.

In this article I will share with you the steps on how to install NVM and Node.js in macOS using HomeBrew.

HomeBrew is an open-source software package management system that simplifies the installation of software on your macOS. It is like the ‘apt’ in Linux.

Install HomeBrew

If your macOS is not yet install with HomeBrew, you can install it by issuing this command in your Terminal.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Once you have HomeBrew installed, then you can start install NVM and Node.js in your machine.

Install NVM with HomeBrew

First, we will install NVM in HomeBrew by using this command in the Terminal.

brew install nvm

Then you need to create NVM folder in your Home directory.

mkdir ~/.nvm

And next, add the following in your shell ~/.profile or ~/.zshrc file. In my case, I’m using .zshrc for my shell.

export NVM_DIR="$HOME/.nvm"
    [ -s "$HOMEBREW_PREFIX/opt/nvm/nvm.sh" ] && \. "$HOMEBREW_PREFIX/opt/nvm/nvm.sh" # This loads nvm
    [ -s "$HOMEBREW_PREFIX/opt/nvm/etc/bash_completion.d/nvm" ] && \. "$HOMEBREW_PREFIX/opt/nvm/etc/bash_completion.d/nvm" # This loads nvm bash_completion

Now, you can restart your Terminal to use this new config.

You can check is your NVM is working or not by checking its version.

nvm -v

#Output: 0.39.3

Install Node.js with NVM

It is recommended to install Node.js using NVM and not Homebrew.

Just enter this command to install the latest Node.js version in your machine.

nvm install node

Once installed, you can check the version with this command.

node -v

#Output: v20.3.1

That’s it! Now you can start developing your webapp with NVM and Node.js.

Good luck!

The post How to install NVM and Node.js in macOS using HomeBrew? appeared first on CypherHackz.Net.

In this article, I will show you how to post status with image to your Twitter account using PHP.

But first, make sure you already have these items with you.

1. API Key
2. API Secret Key
3. Access Token
4. Access Token Secret

These items can be generated from your Twitter account developer page.

Step 1
Download codebird from GITHub.

Step 2
Upload codebird to your webserver

Step 3
Create a PHP file using this code. Please take note on the codebird.php file path.

function tweet($message,$image) {

// add the codebird library
require_once('codebird/src/codebird.php');

// note: consumerKey, consumerSecret, accessToken, and accessTokenSecret all come from your twitter app at https://apps.twitter.com/
\Codebird\Codebird::setConsumerKey("API KEY", "API SECRET KEY");
$cb = \Codebird\Codebird::getInstance();
$cb->setToken("ACCESS TOKEN", "ACCESS TOKEN SECRET");

//build an array of images to send to twitter
$reply = $cb->media_upload(array(
    'media' => $image
));
//upload the file to your twitter account
$mediaID = $reply->media_id_string;

//build the data needed to send to twitter, including the tweet and the image id
$params = array(
    'status' => $message,
    'media_ids' => $mediaID
);
//post the tweet with codebird
$reply = $cb->statuses_update($params);

}

Step 4
You can post the status and image using this function.

tweet('This is my tweet message','http://www.example.com/image.jpg');

That’s it! Now you can post any tweet with image using PHP.

The post How to post status with image to Twitter using PHP? appeared first on CypherHackz.Net.

I tried installed back Conda but the environments still not available.

Fortunately, the MacOS upgrade did not remove my environments but it just moved them to another location which located here.

/System/Volumes/Data/anaconda3

And my current Conda folder is here.

~/opt/anaconda3

So what I need to do is just copy the environments folder called envs to the current Conda folder.

And…done!

PS: I believed the same method also works if you upgraded to MacOS Catalina.

The post Get back Conda environments after upgraded to MacOS Big Sur appeared first on CypherHackz.Net.

Before this I read charts manually to identify bullish and bearish engulfing pattern. Then I thought why not just do some scripting and make it automatic?

I know TradingView allows us to write our own script using Pine Script language. With some manual reading and try & error, here is the script to get perfect bullish and bearish engulfing in TradingView.

// This source code is subject to the terms of the Mozilla Public License 2.0 at https://mozilla.org/MPL/2.0/
// © CH

//@version=4
study("Bullish & Bearish Engulfing", overlay=true)

// Make sure the shadow is bigger than previous candle
engulfShadow = high > high[1] and low < low[1]

// Check the Bullish Engulfing
bullEngulf = open[1] > close[1] and open < close and close >= open[1] and open <= close[1] and engulfShadow

// Check the Bearish Engulfing
bearEngulf = open[1] < close[1] and open > close and close <= open[1] and open >= close[1] and engulfShadow

// Plot the 'triangle'
plotshape(bullEngulf, title="Bullish Engulf", location=location.belowbar, transp=0, style=shape.triangleup, text="Bullish Engulf", size=size.auto, color=color.blue)
plotshape(bearEngulf, title="Bearish Engulf", location=location.abovebar, transp=0, style=shape.triangledown, text="Bearish Engulf", size=size.auto, color=color.red)

You may click the above image to get a better view on how it works.

And just a quick note, make sure to confirm the engulfing pattern before you make any entry.

The post Pine Script: Perfect Bullish & Bearish Engulfing appeared first on CypherHackz.Net.

I was having problem to connect my USB card reader to my Windows 10 virtual machine in VMWare Fusion.

I thought the card reader was corrupted, so I replaced it with another one. Unfortunately, the problem still exist with this error message.

The device 'XXX USB3.0' was unable to connect to its ideal host controller.

The problem is with the compatibility issue in VMWare Fusion and the USB 3.0 device. After did some research, there is a setting that I need to change in the VMWare Fusion.

1. Make sure your Guest OS (in my case is the Windows 10 virtual machine) is powered off
2. Go to your Virtual Machine settings
3. Click on the USB & Bluetooth icon
4. Under Advanced USB options, select USB 3.0 under USB Compatibility

That’s it! Power on your virtual machine and your USB 3.0 device should be working now. Problem solved.

The post VMware Fusion – Solved: The device ‘XXX USB3.0’ was unable to connect to its ideal host controller appeared first on CypherHackz.Net.

I would like to wish Selamat Hari Raya Aidilfitri, Maaf Zahir & Batin to all my readers. -CH.

I have about eleven WordPress sites (or blogs) in my ManageWP account.

Before ManageWP exist, it was very time consuming to manage and update all your WordPress sites, plugins and themes to their latest version.

But with ManageWP, I just need to login into it once a week and click the Update button to update all my WordPress sites.

Easy.

But what is ManageWP?

ManageWP is the solution for you to manage multiple WordPress sites from one single dashboard. With ManageWP you can update all your themes, plugins, and WordPress core files including monitor your websites performance, perform backup and various tasks.

What you need is just to install the plugin and connect your WordPress site to your ManageWP account.

ManageWP is free for use but it also provides premium features with minimal fee if you want to have additional features in your ManageWP account.

Since I use ManageWP just for myself, the free version is sufficient for my workflow.

But if you are a WordPress website developer who manage multiple clients websites and want to add additional benefits to your clients, you may add the premium add-ons into your ManageWP account.

Even though it is premium, but the fee is reasonable and affordable.

Are you a ManageWP user? Let me know your experience using ManageWP in the comment form below.

The post Manage multiple WordPress sites with ManageWP appeared first on CypherHackz.Net.

Most people use this trick to to prevent robots from scraping their email address, yourname[at]yourdomain[dot]com on the web.

They just replace the ‘@’ with [at] and the ‘.’ with [dot].

That technique is very common. But if you want to make a little bit different, you may use something like this,

or custom domain like this,

Want to know how? Just go to Nexodyne website and create your email icon for free.

The post Prevent robots from scraping your email address appeared first on CypherHackz.Net.

By default, all files that you have uploaded to WordPress will be stored in /wp-content/uploads/ folder.

And by default, folders that come with WordPress installation i.e., plugins, themes will have index.php file. So when someone try to access that folder will stumble on a blank page.

But for this uploads folder, there is no index.php file created for it. So you need to create an empty index.php for that folder to protect it. Great!

But our next problem is, the sub-folders are not protected. So someone can view and get all files under this sub-folders like the image shown above.

Solution?

You need to create a .htaccess file in the uploads folder and put this line in that file.

 Options -Indexes

That’s it! Only one single line will help you to protect all files under that uploads folder.

If someone tries to open your uploads folder and its sub-folder will get a 403 Forbidden error message.

The post Protect your WordPress ‘uploads’ folder appeared first on CypherHackz.Net.