FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Search results for "wordpress security"

THE Ultimate Htaccess

.htaccess file tutorial .htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This tutorial shows off the very best of the best htaccess tricks and code snippets.

You've come to the right place if you are looking to acquire mad skills for using .htaccess files!

Htaccess

Mod_Security .htaccess tricks

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!

Htaccess

AskApache Password Protection, For WordPress

AskApache Password Protect ScreenShot 1AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.

WordPress

SEO Boost from Google 404 Plugin

1 minute Install!
Turns every 404 Not Found error into a SEO traffic generating event! Now you have many unique users with unique IP addresses and cookies searching your blog on all of the Google Indexes... Sweet!

«Take My 404 for a Test-Drive

SEO

SEO in WordPress

Search Engine Optimization for WordPress

WordPress

Advanced WordPress wp-config.php Tweaks

The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.

Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..

WordPress

COMPUTER SECURITY TOOLBOX

List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.

Security

Optimize a Website for Speed, Security, and Easy Management

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I'm piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Hosting

HOWTO: Uninstall CPANEL over SSH

The following is just a quick but detailed reference of some of the commands I used to successfully uninstall cpanel permanently. This is for advanced users of the shell. If you run a single one of these commands without fully understanding it, you will probably kill your server, lose everything on it permanently, not have a website or email for weeks.. So backup everything. FIRST. You should also contact your hosting provider support - but be prepared for some MAJOR negativity.. cpanel makes things very easy for web-hosting companies, and you are less than a drop in their bucket.

Hacking

Password Protection Plugin Status

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.

WordPress

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

.htaccess security plugin 2

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

WordPress

WordPress Plugin for Apache .htaccess Security

Askapache Password Protect Security Features

  1. gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
  2. Now also works for sites running on SSL (PHP version >4.3.0)
  3. Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
  4. Added a *real* check to see if mod_rewrite is installed
  5. Added Modules that remove directoryindexes
  6. Much more on the way..

WordPress

WordPress .htaccess in-depth

WordPress PermalinksWordPress uses a file named .htaccess to rewrite all requests to the main index.php file. This article explains what the htaccess file rules look like and what they actually do.

Htaccess

An AskApache Plugin Upgrade to Rule them All

An AskApache Plugin Upgrade to Rule them AllSo my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

WordPress

WordPress RewriteRules Viewer

AskApache RewriteRules Viewer Plugin PanelOften I am programming a plugin, or modifying my .htaccess rules, or editing a WordPress template file and I get stuck when it comes to how WordPress rewrites url's internally. This simple plugin displays all the internal WordPress rewrites.

WordPress

Tips on Writing WordPress Plugins

WordPress Plugin Template: AskApache PluginsThought I'd give you all the tips and tricks that I've learned and use when developing WordPress plugins.. which can be quite fun!

WordPress

Updated robots.txt for WordPress

WordPress robots.txt SEOImplementing an effective SEO robots.txt file for WordPress will help your blog to rank higher in Search Engines, receive higher paying relevant Ads, and increase your blog traffic. Get a search robots point of view... Sweet!

SEO

FastCGI on DreamHost

Using FastCGI on DreamHost and .htaccess

Shell Scripting

Removing Category Base from WordPress URLs

How To remove the /category/ from WordPress category urls.

James
We're using WP as a CMS with pages and posts. Done a bit of customization, so it looks sweet. Problem - i have some child categories that throw 404 when the category redirect is in place. How did you remove the category base from the url structure in wordpress?

WordPress

Chmod, Umask, Stat, Fileperms, and File Permissions

Unix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe "grasp" isn't the word.. Master is the right word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren't many instances when a computer user encounters them seriously, and bitwise is oldschool. This contains a listing of all possible permission masks and bits from a linux, php, and web hosting view.... cuz you guys AskApache Regs Rock!

Security

Redirecting RSS to Feedburner

FeedBurner, the best syndication company in the worldFeedBurner is so RAD! I love it. Here's an alternative method to redirect scrapers and feed requests to your feedburner url, in my case, I use Branding by feedburner, which is so hot, taking advantage of CNAMEs in your DNS record.

Htaccess

Speed Up Sites with htaccess Caching

2 awesome ways to implement caching on your website using Apache .htaccess or httpd.conf. Both methods are extremely simple to set up and will dramatically speed up your site!

Htaccess

Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Htaccess

Hacking VLAN switched networks

Bypassing VLAN security on networked switchesThere isn't much vlan info on the net in terms of specifics and I had to learn all about it because I needed to log in to a switch that was on a different vlan. With the help of the Ettercap developers NaGA and ALoR I figured it out.

Hacking

Fast and Easy Custom WordPress New User Registration

Registering on a WP blog requires entering a username and email then checking your email for an auto password.

Too much work to put your users through?

This uses just email and password and does it all.

WordPress

My Online Tools


Popular Articles



Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman


Live Free or Die
Newest Posts
Website Speed Tips Series
  1. Turn On Compression
  2. Add Future Expires Header
  3. Add Cache-Control Headers
  4. Turn Off ETags
  5. Remove Last-Modified Header
  6. Use Multiple SubDomains

Friends and Recommends
Twitter





The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. -Tim Berners-Lee





[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

HTML | DCMI | GRDDL | OGP | XOXO | XDMP | XFN | DOM | XML | XHTML1.1 Strict | CSS2.1 | W3C |

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain