My Public Key

For those of you who need to send me encrypted email or files, here is my up and coming updated public key. Some of you guys know how to work this.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Mailvelope v2.2.2
Comment: https://www.mailvelope.com

xsFNBFtuhYUBEACZO4fhe8WyDErqUmpxZngbvBKKilWr4C2PCLVUMdNOT8x0
lZdA9YUEP2pB0FKoAylrw94E26ZXJ9UsrEj2s0u2KeqToarBxp7qt1Wlo8aC
g8YdTT2m0K9pDW47Gl17QMN7E7P6YIvWPqVjtLosAXmzqVUaI6xcIEmM1aOs
/0X2GX1aQRs1ghIOd5x5DlurRZJXrAJFkeH0zbagy9ZE9/ZpouH1vsGVzbnj
l1Xjkf5c7PEYSJrcmRQJSbWIe8bapzjTUlSwQUwfhAxqdWRQxlq9VD66QjA+
URBydPWkv3V/fZBw7qDtRD9Pb8EL+qBBi/QhIM2eE2v93RihuEv2xVmfz2ds
qhNfQ13I7/HdV8GtYEglnqQkyJKmhFnk3+oHI1tW71FsCAbT9QDUjZWuRj93
0qzNZyVlv0YVtyso03R08dm/8/5BwF4hG7lDvPk5R270BnBVTbkVH8SVJuA5
V7r3+M6N7WyDEvsJQKNvbtF2jaiReZyh0JT0qibAfkrGgVCmNqI7wCtR6jtE
UqlmR4+apZtk44hMllU5eNsxYT+nj8TCnVVxKMMjZbn3EhDOhnWv9jfk86Pv
j+58ioc571d7gmY3+IE6j/adG9ENqKNS9Jp5NmLvCtiZrqJQWSl9A3r5gxXr
qmVYv/WsPWy7dZeaTcW3VLpU4FEEsL4t1PfLxwARAQABzSVOb2VsIEFsYW5n
dWlsYW4gPG5vZWxAYWxhbmd1aWxhbi5jb20+wsF1BBABCAApBQJbboWJBgsJ
BwgDAgkQkoE8pskbeIcEFQgKAgMWAgECGQECGwMCHgEAAOW5D/0SbgHCZVBO
iXj/gPqS+dqcRehbiIKstmy1FZM5wza/LfauVpV7oFZ7CLvx32bIa01XjsHu
6dvd+XPw9mdhtvva9IgoSAJRYYLuCu54t++AYxe9Gcb4DZf/VLq0ybqWqujw
btJ1Zn8PTFhPS0M3VXOeyo0C37udNk68TbtuKM0pEQcqIdzYy/HLDPMMtvnX
D66nrgh1uQK/57xEOySRDgDfSqEXC7M0hhs1GAI/KPibSuOfDD63ZgY5eUKk
UME860Q9TKFDR+Ovcwi4nOKTOz7NINybhdrU7/NUTfZDmifJoxUZampHrOg5
xP/J6eVFwVonydlEElx3Pnoh+6DEBUtffpmrQ/nLCI3Q5PUBNPeQ4t/LbtKd
n1//afNEjRizHHP+eHmWG2C+nC7mUsSeiiWLl6eL0FqZ7/fn/oYfVikdtpGF
YjVt72k+FNB+uksDzoZfT8sxTL+eYcGB/rmLtVQKu25VMIsCz2x41lWmbwES
kGbMWQEjNKhlJ5nioAnOBq0FAT+FxI+7SzbY8uqliwNnTYk6PA/MiZJ3BnIq
3oKtzOcAIZHBLdXm7qmMHodMj/89rJ9v0PADYNeQCTY3894o13F4SXkjhq0e
XwCQ2NDGeqTiS6eXb/Tpr1s4BRRhbLFe87W7Lpz0hPUVMd8aLcsNoDBawn3N
blrYIlCys02odc0rTm9lbCBBbGFuZ3VpbGFuIDxub2VsLmFsYW5ndWlsYW5A
Z21haWwuY29tPsLBjgQTAQgAOBYhBKzw81VGF82uMaQR4ZKBPKbJG3iHBQJb
box3AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJKBPKbJG3iHESsP
/3BuxIONM1y0vQ8WwYY5QLVy+qE1knQJXdKy/NOcwZRiaiqoD/D0hxhovCJH
/26dSaNsi+Db+sCB3uWf4T24XFjt7EDtdaHNNp7YR/JAoPlTThNBvC9Gnh4u
AzTeXz7eOHxaE7s/m4F+Sf38sA18T8kq9qc/IT7vOXVLbxuc6XJhJ0oZidqo
dtjuZewtR+Tqjgq/RHX4SFOpXESYq1eDUWnpipZd6iHLXHpqG+DpZSBsXFy6
fzXUPutT2VTBlqkL1ecc8/ZxOj1MU8YhW06oFIsixYbTwU8SeuCgI/bRWys3
U4fDxYfHI2Ajo0uh9Jr5Cd5w2rvIKdyEG+mooNyPxcsbmS8MckQh6l8gZ01t
WelchbvvuC9jcL8FeVB1CFLuaZinDbW+p4NNnz97IqJZxfIFkM+NI+AaOb/b
/uj49P56VGpig/6DDhiwa+juAIoSdwJiR2XOk0vJFyVsezG7MmWEluDxPA9C
ax50yKcdAusztvY6/WfGkHiQy/j8gmgKeFZJ5mTbpbtfSM/EB1H5kib8K9qN
UEKJw2nRA4/hAYg/EBfqqJIbhCd6jm+XzNN8Du2Y37X48HkWhucJWyswdUlO
E+U5UAkGygs68HeBDipMnSjNxQ9+eJYN64u9zz7E9D/mmMwJDc6wvM17iaSv
Ta8ZiLwUFGFghb/CUOig6H+WzSpOb2VsIEFsYW5ndWlsYW4gPGhlYWRsZXNz
c3BpZGVyQGdtYWlsLmNvbT7CwY4EEwEIADgWIQSs8PNVRhfNrjGkEeGSgTym
yRt4hwUCW26MhwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCSgTym
yRt4h6vCD/9OncVpmFfQZGur6tp//MPb/miRL1iVt5wVhvZOfp0eT5pDOnKZ
pFe6Q7OFFe3913r780JK+oPMYuPA7LLSIFFVMZBAbbqgJqo0DnowNBdS/AKy
p1ym/ym8yU9ScrprST4RdRDO3U7X/V9131Su3dJDughDF42mrtTUIFE7tC5M
07wyCbH67VX7lPELo1WsH3DO5awkuigDNEyoz1Sp8TuRppPEEjbEY62bkZM8
XBrpC7pNEKEIt7v3rNylgtaeZlAP19WK+z0dYlYgv/AXDjjxOVn4c04bW73o
ZHLetielsLTfDYdaxThJVZ9bUaYX5/SuwazBOaPjJbIcIhZtjTOCg48OTiul
EYMKFdQ4DI1dn2Ryq9hsfgDl8aIzyPvqFzbdngmtYZ8vb84wdAU5/eaGMkPe
v8vrYXoXH3e/YBgMIbk3lmYQQHHtoSUvkz1baJP/zUqe1IshAwedH2YMPqul
H/Y3RLlOwseDtIsrKw7ChqsFoJPq96ldR2oxHhOfWIPa+yYdaLdBv3SxP5+B
GuluDy2fJ+d0tdEGaTPAKjMt0CQ01jBKQaXQxEQr7ZOFkt1ny4q2dNOqoqeK
OFcl0132g6VlZ7Amg71Zvhj+iFKeiHgw9Yyn9nzK/KplPXJT0xhQGl2cyqwa
FCvdwGG0gD9Q2F0jHJL2sm16xM+eCsKVtM7BTQRbboWFARAA7GFOZdfyTmmZ
9kC+xVIxKkvKliT7swrcK0LqAqe7ByCgbxjtcNBgI563FbMESlVKvUl38XB+
jjSfqNELjnv3sCpmDrHxPnOahkP/gwwhcz1VL5dxgxAg+1btQ4xiNlQInNg/
ekgtnplhDlhNTA6fJRM1bc5YFAxe0ebUTjuvFCtBmvSLUfmY2uJsFHws63Em
gLrshxZEsPriGIUlrU9pPZutg4oXck7AaggaiNPeRnsS5mUej14IF/+WmH4l
iDf62uice80K/LCFjm109sJYXm5l+ZlwZgaYaRosAPh7tZ+m8XH1YfLdGV3v
QaUnqlgabMO2332L14OVc3lxEFU9vngpFJmxe5Laa9n3BuSTK7y8RpiLU8sL
TpLWGlTiZ+jpolmab1ThA0j4UN+e5SxAkSU948sRrMaFHrc5iFJhDc7G0R9w
tg40g6k9pH6PZfEkfF7cqBxIK6RPcVhqsTUvsTN4DoBkJUfXdqeuOgK5syHZ
yl5P3Hgz9ZNPkQfgTMgCcoH/GIiFTpd0vmvmaqLe5gBo/ZkuXbk19dUdQrcI
FdLOUOCOdDYjOP32xLVoS/QxPWLT6GktJIVtGPZMjy6ssZ0tFOfDadazs0l2
p6GG3ERUNRkbE5MReaTLPi3WpwIYNltPkdXE9MIRrYhgW2oCWMqDgzdobgL6
laO8OrDeD3cAEQEAAcLBXwQYAQgAEwUCW26FiwkQkoE8pskbeIcCGwwAAMk0
D/sGLcXupk6SGK63nkzNO+OvPYWJ47ok9IJcPVv4AR/3v9Z8E+WkJna2gEG3
YOk4JT8dbgFm4enC3HPB5URODGp6tdqyFcYzq0FfRT5Qawc20cn/8jKLBC/C
gEKG8SiQiGsfH9B1lgf7fknmx9cyl3OH+/TsdW3WHwyxQzBT1IuJvZwMTYDI
tRccm7bsXCNpM2nwHzTDYBrcNEPKR+kgrXlvLWVK56ZQmEUmYcfSoy6vu9+V
vGWfhNenB7Bd+TgDjESBnAgUp9yK0KVHaGF4FBxVE6OyAivvExBL+gEYNpoN
jxVKNd9qUq9Tzh/LZkUnFZT6JQA8HjNOnOoRBrYbEkfwqm+Co2RdnQOgEguU
yWrL14VCAfC+1DRKVDEQ/UJJ9XmKHxWrE36PJ6c/mMwX6NE0PB4vvqDTYgrr
zM7o8jSiPEosYnh+cX1/NDR8OMhLxheckSthPVpxdGgIxysekIqEiDI2iBhn
WiFtz2Qaf6KU9dSZVNFIHZuP95AxKfT6nUGj1/S2uqCcSu8+xWYU9ysPmUTe
76oLJZAShYW0KZIszx4Gx9gsG9hPw75iZwHlk6rTvJj0NtmVCU0oxAhRydEn
oZIlkFG8G2DWtbR74caZH1/0joFu0NW6h+JkQmy+R0hhzLGBX3mXrlxm6rRN
Y1dGi9krn9TXPfhZyATeofFBsg==
=acbz
-----END PGP PUBLIC KEY BLOCK-----

 

Or you can download the ASCII file from here.

Blocking China

I do not trust the Chinese Government. Say one thing and do another.

I have also been getting probes from Chinese IP addresses so I’m blocking  all the known IP addresses that China uses. Call me paranoid but it’s better to be safe than sorry.

There are over 330 million IP addresses that China use and you can get a list of these addresses from IP2Location.com.

WordPress Reminders

Quick WordPress reminders or tips that shouldn’t be forgot [a moving checklist]

  • Pick plugins carefully. Look at the number of active installations and user ratings — higher numbers reflect its usefulness and security. No one in their right mind will use an known insecure plugin. Look at the date when it was last updated — it shows how active the developers are in modifying, upgrading, improving their plugin.
  • Pick themes with care. Check the theme details, click on Live Preview and see how the site looks with it. If I cannot do a Live Preview, move on to the next that interests you. I usually look the the featured themes as I assume they have been looked over by a human third party not involved in the theme’s development.

 

AIOWPS and the WordPress mobile app

I cannot login to my WordPress site using the Android mobile app. I have the All In One WordPress Security (AIOWPS) plugin installed and enabled the Completely Block Access to XMLRPC checkbox.

I have to note that when I blocked access to XMLRPC my failed logins went from more than 3,000 for one month to zero which means the login bots were trying to guess a username/password combination to gain access to the site.

I prefer to keep blocking XMLRPC access but I also want to use the mobile app.

I found two ways around this situation.

If I want to use the WordPress mobile app, I really have to uncheck the  Completely Block Access to XMLRPC checkbox keeping the Disable Pingback Functionality From XMLRPC checked.

If I want to keep my sense of security, I have to block access to XMLRPC and just use a browser instead of the WordPress app in my mobile thingy.

 

keep it updated

I’ve heard people say WordPress and open-source in general is not secure. I believe otherwise. Simply keep the app and its associated plugins updated and you’re good.

If you customized your theme, the next theme update will wipe your customizations so seriously think of creating child themes. It’s easier than you think.

Should the plugins you use stops development then ditch it and look for another plugin.

Sometimes the process is tedious but you’ll feel more secure about your WordPress site.

password minimums

Maybe it’s time to level up you password’s minimum number of characters from eight (8) to maybe 10 or even 15. Remember that the longer the password the more difficult it would be to crack it.

I was also considering to implement this change in the company I work in. I expect some will have their say of it but it’s for their own security.

Removing old kernels

check the kernel you’re using:

$ uname -r

4.4.0-104-generic

Do NOT delete that kernel!

 

List the old kernels:

$ sudo dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`

linux-image-4.4.0-103-generic
linux-image-extra-4.4.0-103-generic

 

Remove the old kernels one by one:

$ sudo apt-get purge linux-image-3.19.0-25-generic

 

Remove the packages that are not needed anymore:

$ sudo apt-get autoremove

 

Update the grub kernel list:

$ sudo update-grub

 

References :
Safest way to clean up boot partition – Ubuntu 14.04LTS-x64

force https

Backup your .htaccess file.

In the .htaccess  file add this to the top:

# Always use https for secure connections
# Replace 'www.example.com' with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Important! Replace www.example.com with your own domain name.

That  should do it (worked for me)

Changing directory or file permissions or ownerships

Recursively change ownership of directories or files

find /www -type d -exec chown root:root {} \;

find /www -type -f -exec chown root:root {} \;

1: find directories under /www and execute the chown command on each directory found and change their ownership to root
2: find files under /www and execute the chown command on each directory found and change their ownership to root

 

Recursively change permissions for a directory or file

find /www -type d -exec chmod 644 {} \;

find /www -type f -exec chmod 644 {} \;

 

Your password – change it

I get a number of reports that there are attempts to login to email accounts. Those are most likely bots that try to guess your email password. If you’re stuck in the 80s or 90s then this means that your password is literally just a single word with at least 8 characters.

Time to change it. Seriously.

Change it from a password to a passphrase — the one that’s stuck in your head since December last year. Or invent one that you know you’ll never forget. Make your phrase at least 17 characters in your own language or dialect. Just be sure you won’t forget it.

Too many passphrases to remember? Use a password manager that works for you.  lifehacker has a recently updated list of their top 5 password managers. Pick your poison.