When you host a WordPress site, you should consider that you are pretty much opening a backdoor to your server. It’s not quite that simple, but, as one of the most widely-used Blogging and “CMS” platforms, it is a regular target for hackers, and when you consider the vast ecosystem of 3rd party Plugins and Themes (one of the main driving points of its popularity), hackers have a massive surface area to attack. Because of this, it is important to do what you can to protect WordPress installations from exploit and abuse. In this post I am not going to go over securing the code that runs on WordPress, but I am going to mention two things you can do using Fail2Ban to protect against unauthorized logins, and abuse of xmlrpc.php.
Blocking Search Engines, and Yoast
Yoast SEO is a very capable tool; it makes a lot of the SEO process very accessible to WordPress Administrators, but I discovered just the other day that it is a little lacking when it comes to blocking search engines from pages.
Short-cutting Fail2Ban 8.1
If you find yourself spending a lot of time working with/on web-facing servers, you have probably heard of or used this awesome little thing called fail2ban. I am not going to get into what it is or what it does; if you have never heard of it, you should look into it, as it is a pretty helpful tool for protecting your web-connected machines. I have been using it for some time on my AWS and personal boxes, and considered myself fairly adept at it up until the other day, when I discovered a few little tricks to slimming my jail configurations considerably.
So, I got a very nice call from the Fraud Detection department working with Five County Credit Union, yesterday. Turns out, I was ordering Playground Equipment, and they didn’t think that was like me…
Well, it isn’t, and it wasn’t!
That’s pretty much the whole story: Playground Equipment, and some $1 bidding service. The only other odd bit was that the transactions were authorizations, and didn’t carry a value, so I got lucky.
Anyway, the card is flagged, closed, and I am getting a new one. Both transactions happened in the span of two days, and for the life of me I cannot figure out where they would have left my sight recently. So I am guessing we are going to hear about another breach soon. Either that, or they were leaked as part of the Hannaford or Target breaches over the past few years, and it was my card’s turn to get used. Either way, all is right with the world.
I will say, though. I looked at the website, and it was some pretty awesome playground equipment. I wouldn’t mind having a slide like that in my back yard…
I am very excited to be the new web-host for Between the Sheets Photography, the boudoir arm of Thousand Words Photography, by Laila Valade. She is a phenomenal photographer, and I am super-excited to help and be a minor support in what she does. Currently the site is simply an “Electronic Business Card” of sorts, but we will be working on getting a more full-fledged site up shortly. You can find Laila on Facebook, at Between the Sheets Photography, and Thousand Words Photography. Cheers!
Introducing CoverThis-A-Day! As you may know, I dabble a bit in photography, and I have been decidedly lax on that dabbling as of late. Well, to celebrate my getting my server running again, I have launched a new website! HOPEFULLY, this will be the beginning of a “Photo-a-Day” thingy for me, but who really knows. I already have a few Posts scheduled, so, fingers crossed…
Well that was fun. Some time ago, while experimenting with pthreads, I manually compiled and installed PHP 5.5 on this server, not really considering that I would miss anything important in the process. Well, I did, and it took me the better part of three months to get around to fixing it. Not that I couldn’t, just that I didn’t have time.
Well, I made time, and it is fixed. Back to business as usual. (Also: I will not be experimenting on my production box again…)