Is every web property that you own 100% HTTPS? Yeah? Ok, stop reading right now, this post isn’t going to help you at all. Still here? Great. You need SSL everywhere. On your site that accepts credit card payments? Yeah, you should’ve been doing this for a long time. On your site that sends you…
Occasionally, we run into a client that uses an insecure password. We typically tell them about the security implications, and suggest that they change it, and mention LastPass as an alternative to having to remember a ton of complicated passwords. There are simple ways you can check if your password is worth using. The big…
I was originally very concerned about the new automatic updates, because updates on a WordPress site occasionally break things. When I update, I want to get a quick backup right before, and have a restore plan in place, in case anything goes awry. It’s a risky procedure, and the thought of WordPress updating itself whenever…
It’s something that is often overlooked, but for security and speed, you should IP restrict your /wp-login.php file. I’ve had many sites go down because there’s someone trying to brute force the admin login, and even if it doesn’t take them down entirely, it tends to slow them down. Why? With any finely tuned site,…
Too often I get clients that have no idea who hosts their DNS, or they will migrate from a company, leave their DNS, and have no idea what they’re getting charged for. You need to know who hosts your DNS.
I write this not with the intent of telling people how to hack, but with the hopes that people will realize how easy it is to protect against.
If you use the built-in import/export to migrate a WordPress site, you’re doing it wrong. You don’t save any of the site’s settings or the plugin settings. Please figure out a better way to migrate a site.
Earlier, one of my servers stopped responding on port 80. It appears puppet had restarted apache because it updated a config file for one of the virtual hosts, and there was a configuration error, so apache didn’t come back up. By default puppet uses restart, even when a daemon supports reload, so when it messes up, it kills apache. Also, I realized it’d be nice to use configtest before even trying to restart.
Have you ever realized that puppet stopped running on a server a month ago? Or perhaps you stopped it and forgot to restart it? Your server has been ignoring vital security updates because you thought that puppet had it covered.
The other day while I was trying to get puppet up and running on a server, I found that you can use “puppet resource” to automatically generate puppet manifest code. If you type:
puppet resource user
It’ll show you the puppet configuration for all of the users on your system.