Blocking China

I do not trust the Chinese Government. Say one thing and do another.

I have also been getting probes from Chinese IP addresses so I’m blocking all the known IP addresses that China uses. Call me paranoid but it’s better to be safe than sorry.

There are over 330 million IP addresses that China uses and you can get a list of these addresses from

WordPress Reminders

Quick WordPress reminders or tips that shouldn’t be forgotten [a moving checklist]

  • Pick plugins carefully. Look at the number of active installations and user ratings — higher numbers reflect its usefulness and security. No one in their right mind will use a known insecure plugin. Look at the date when it was last updated — it shows how active the developers are in modifying, upgrading, improving their plugin.
  • Pick themes with care. Check the theme details, click on Live Preview and see how the site looks with it. If I cannot do a Live Preview, move on to the next that interests you. I usually look at the featured themes as I assume they have been looked over by a human third party not involved in the theme’s development.


AIOWPS and the WordPress mobile app

I cannot log in to my WordPress site using the Android mobile app. I have the All In One WordPress Security (AIOWPS) plugin installed and enabled the Completely Block Access to XMLRPC checkbox.

I have to note that when I blocked access to XMLRPC my failed logins went from more than 3,000 for one month to zero which means the login bots were trying to guess a username/password combination to gain access to the site.

I prefer to keep blocking XMLRPC access but I also want to use the mobile app.

I found two ways around this situation.

If I want to use the WordPress mobile app, I really have to uncheck the Completely Block Access to XMLRPC checkbox, keeping the Disable Pingback Functionality From XMLRPC checked.

If I want to keep my sense of security, I have to block access to XMLRPC and just use a browser instead of the WordPress app in my mobile thingy.
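An added example, not part of the original post: a way to see how much login-bot traffic is hitting xmlrpc.php before deciding whether to block it. It counts POST requests to /xmlrpc.php per client IP in a combined-format web server access log. The function name xmlrpc_posters and the sample log lines (documentation IP ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a combined-format access log on stdin and print
# "count ip" for every client with at least $1 POSTs to /xmlrpc.php.
xmlrpc_posters() {
    threshold="$1"
    awk -v min="$threshold" '
        # Fields: $1 = client IP, $6 = "METHOD (with leading quote), $7 = path
        $6 == "\"POST" && ($7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1) {
            hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -rn    # busiest client first
}

# Constructed sample log (not real traffic).
SAMPLE_LOG='192.0.2.10 - - [10/Oct/2016:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
192.0.2.10 - - [10/Oct/2016:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
192.0.2.10 - - [10/Oct/2016:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
192.0.2.10 - - [10/Oct/2016:13:55:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
198.51.100.7 - - [10/Oct/2016:13:56:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
198.51.100.7 - - [10/Oct/2016:13:56:11 +0000] "POST /xmlrpc.php?rsd HTTP/1.1" 200 403 "-" "bot"
203.0.113.5 - - [10/Oct/2016:13:57:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla"
203.0.113.5 - - [10/Oct/2016:13:57:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1500 "-" "Mozilla"'

# Demo run: clients with two or more XML-RPC POSTs.
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_posters 2
```

Against a real server, feed it the access log instead of the sample, for example `xmlrpc_posters 50 < access.log`, where the log path and threshold are yours to choose.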


keep it updated

I’ve heard people say WordPress and open-source in general is not secure. I believe otherwise. Simply keep the app and its associated plugins updated and you’re good.

If you customized your theme, the next theme update will wipe your customizations so seriously think of creating child themes. It’s easier than you think.

Should a plugin you use stop being developed, ditch it and look for another plugin.

Sometimes the process is tedious but you’ll feel more secure about your WordPress site.

password minimums

Maybe it’s time to level up your password’s minimum number of characters from eight (8) to maybe 10 or even 15. Remember that the longer the password, the more difficult it would be to crack it.

I was also considering implementing this change in the company I work in. I expect some will have their say on it but it’s for their own security.

Removing old kernels

Check the kernel you’re using:

$ uname -r


Do NOT delete that kernel!


List the old kernels:

$ sudo dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`



Remove the old kernels one by one:

$ sudo apt-get purge linux-image-3.19.0-25-generic


Remove the packages that are not needed anymore:

$ sudo apt-get autoremove


Update the grub kernel list:

$ sudo update-grub


References :
Safest way to clean up boot partition – Ubuntu 14.04LTS-x64
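
An added example, not from the original post: a helper that turns the listing step above into a purge list. It keeps the running kernel, also keeps the newest installed kernel (which may not be booted yet), and skips meta packages such as linux-image-generic. The function name old_kernels and the sample dpkg output are constructed for illustration; it assumes GNU sort with -V.

```shell
#!/bin/sh
# Added example: print the versioned linux-image packages that can be purged.
# stdin: output of `dpkg --list 'linux-image*'`; $1: running kernel (`uname -r`).
old_kernels() {
    running="$1"
    # Only installed ("ii") packages whose name continues with a version
    # number; meta packages like linux-image-generic are left alone.
    installed=$(awk '$1 == "ii" && $2 ~ /^linux-image-[0-9]/ { print $2 }')
    # Newest installed image by version order (GNU sort -V).
    newest=$(printf '%s\n' "$installed" | sort -V | tail -n 1)
    printf '%s\n' "$installed" | while read -r pkg; do
        case "$pkg" in
            # Skip empty input, the running kernel, and the newest kernel.
            ""|"linux-image-$running"|"$newest") continue ;;
        esac
        printf '%s\n' "$pkg"
    done
}

# Constructed sample of dpkg output (not taken from a real machine).
SAMPLE_DPKG='ii  linux-image-3.19.0-25-generic  3.19.0-25.26  amd64  Linux kernel image
ii  linux-image-3.19.0-26-generic  3.19.0-26.28  amd64  Linux kernel image
rc  linux-image-3.19.0-18-generic  3.19.0-18.18  amd64  Linux kernel image
ii  linux-image-4.4.0-21-generic   4.4.0-21.37   amd64  Linux kernel image
ii  linux-image-generic            4.4.0.21.22   amd64  Generic Linux kernel image'

# Demo: machine still running 3.19.0-26 with 4.4.0-21 installed but not booted.
printf '%s\n' "$SAMPLE_DPKG" | old_kernels 3.19.0-26-generic
```

On a real system the input would be `dpkg --list 'linux-image*' | old_kernels "$(uname -r)"`; review the printed names before passing any of them to apt-get purge.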

force https

Backup your .htaccess file.

In the .htaccess file add this to the top:

# Always use https for secure connections
# Replace 'www.example.com' (a placeholder) with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Important! Replace www.example.com with your own domain name.

That should do it (worked for me).

Changing directory or file permissions or ownerships

Recursively change ownership of directories or files

find /www -type d -exec chown root:root {} \;

find /www -type f -exec chown root:root {} \;

1: find directories under /www and execute the chown command on each directory found and change their ownership to root
2: find files under /www and execute the chown command on each file found and change their ownership to root


Recursively change permissions for a directory or file

# directories need the execute (search) bit to be entered, so 755 rather than 644
find /www -type d -exec chmod 755 {} \;

find /www -type f -exec chmod 644 {} \;


Your password – change it

I get a number of reports that there are attempts to log in to email accounts. Those are most likely bots that try to guess your email password. If you’re stuck in the 80s or 90s then this means that your password is literally just a single word with at least 8 characters.

Time to change it. Seriously.

Change it from a password to a passphrase — the one that’s stuck in your head since December last year. Or invent one that you know you’ll never forget. Make your phrase at least 17 characters in your own language or dialect. Just be sure you won’t forget it.

Too many passphrases to remember? Use a password manager that works for you. Lifehacker has a recently updated list of their top 5 password managers. Pick your poison.