Are you in my blocklist?
With just a few manual steps, you create your own little blocklist for WordPress in either a `.htaccess` or `web.config` file. Here are the IP addresses I'm currently blocking. Note, this list can get long (loooonnggg).
Force HSTS in Apache .htaccess
Learn how to enable HSTS in Apache .htaccess configuration file to start using HTTP Strict Transport Security (HSTS)
Disallow direct access to PHP files in wp-content/uploads/
It's recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with .htaccess on Linux Apache, or `web.config` accesssPolicy in Windows Server IIS. And here is how.
WordPress .htaccess security best practices in Apache 2.4.6+
Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website.
Redirect HTTP to HTTPS
In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.
Joomla websites abused as open proxy for Denial-of-Service attacks
Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php
was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis...
windows-server (113)
iis (80)
powershell (77)
php (55)
wordpress (47)
mysql (36)
windows (34)
performance (28)
linux (23)
web.config (23)
Website (22)
htaccess (20)
aspnet (19)
url-rewrite-module (19)
sql-server (18)
bash (18)
optimization (18)
ssl (17)
gnu-linux (13)
plugin (13)
windows-10 (12)
devops (11)
monitoring (11)
security (10)
appcmd (10)
wsl (9)
smtp (9)
wincache (9)
wmi (8)
zabbix (8)
windows-update (8)
opcache (8)
openssh (7)
database (7)
dism (7)
iis-60 (7)
sysops (6)
wsus (6)
apache (6)
hyper-v (6)
virtualization (6)
spam (6)
functions-php (6)
classic-asp (6)
ddos (6)
password (5)
email (5)
active-directory (5)
umbraco (5)
joomla (5)
command-line (5)
application-pool (5)
blacklist (5)
t-sql (4)
wql (4)
https (4)
group-policy (4)
backup (4)
connector-net (4)
debug (4)
logparser (4)
network-adapter (4)
dns (4)
query_cache (4)
ghost (4)
iisnode (4)
node-js (4)
vbscript (3)
windows-firewall (3)
brute-force (3)
ftp (3)
postfix (3)
forensics (3)
benchmark (3)
xss (3)
disk-cleanup (3)
disk-space (3)
sql-injection (3)
openssl (2)
net-core (2)
visual-studio (2)
windows-defender (2)
rdp (2)
connector-odbc (2)
c (2)
mysqldump (2)
xml-rpc (2)
smb (2)
cross-site-scripting (2)
innodb (2)
httpbl (2)
centos (2)
magento (2)
denial-of-service (2)
deployment (2)
windows-deployment-services (2)
mysqli (2)
open-xchange (2)
waf (2)
web-application-firewall (2)
code-base (1)
windows-11 (1)
ipv6 (1)
networking (1)
sqlce (1)
tinymce (1)
Prianha-CMS (1)
kvm (1)
http-3 (1)
quic (1)
wmsvc (1)
database-mirroring (1)
service-principal-names (1)
spn (1)
jetpack (1)
api (1)
kms (1)
red-hat (1)
varnish-cache (1)
elasticsearch (1)
dhcp (1)
jquery (1)