apache

It’s something that is often overlooked, but for security and speed, you should IP restrict your /wp-login.php file. I’ve had many sites go down because there’s someone trying to brute force the admin login, and even if it doesn’t take them down entirely, it tends to slow them down. Why? With any finely tuned site, users are mostly hitting static files. CSS, JS, images, cached pages, and so on. When they hit /wp-login.

Earlier, one of my servers stopped responding on port 80. It appears puppet had restarted apache because it updated a config file for one of the virtual hosts, and there was a configuration error, so apache didn’t come back up. By default puppet uses restart, even when a daemon supports reload, so when it messes up, it kills apache. Also, I realized it’d be nice to use configtest before even trying to restart.