AIOWPS and the WordPress mobile app

I cannot log in to my WordPress site using the Android mobile app. I have the All In One WordPress Security (AIOWPS) plugin installed and have enabled the Completely Block Access to XMLRPC checkbox.

I have to note that when I blocked access to XMLRPC, my failed logins went from more than 3,000 for one month to zero, which means the login bots were trying to guess a username/password combination to gain access to the site.

I prefer to keep blocking XMLRPC access but I also want to use the mobile app.

I found two ways around this situation.

If I want to use the WordPress mobile app, I really have to uncheck the Completely Block Access to XMLRPC checkbox, keeping the Disable Pingback Functionality From XMLRPC checkbox checked.

If I want to keep my sense of security, I have to block access to XMLRPC and just use a browser instead of the WordPress app in my mobile thingy.

 

keep it updated

I’ve heard people say WordPress and open-source in general are not secure. I believe otherwise. Simply keep the app and its associated plugins updated and you’re good.

If you customized your theme, the next theme update will wipe your customizations, so seriously think of creating child themes. It’s easier than you think.

Should a plugin you use stop being developed, ditch it and look for another plugin.

Sometimes the process is tedious but you’ll feel more secure about your WordPress site.

password minimums

Maybe it’s time to level up your password’s minimum number of characters from eight (8) to maybe 10 or even 15. Remember that the longer the password, the more difficult it is to crack.

I was also considering implementing this change in the company I work in. I expect some will have their say about it, but it’s for their own security.

Removing old kernels

Check the kernel you’re using:

$ uname -r

4.4.0-104-generic

Do NOT delete that kernel!

 

List the old kernels:

$ sudo dpkg --list 'linux-image*' | awk '{ if ($1=="ii") print $2 }' | grep -v "$(uname -r)"

linux-image-4.4.0-103-generic
linux-image-extra-4.4.0-103-generic

 

Remove the old kernels one by one, replacing the package name below with each name from your own list:

$ sudo apt-get purge linux-image-3.19.0-25-generic

 

Remove the packages that are not needed anymore:

$ sudo apt-get autoremove

 

Update the grub kernel list:

$ sudo update-grub

 

References:
Safest way to clean up boot partition – Ubuntu 14.04LTS-x64
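
The listing step above, as an added example that is not part of the original post: it goes a little further than the one-liner by also skipping unversioned meta packages such as linux-image-generic, which the 'linux-image*' pattern matches and which should not be purged along with old kernels. The function names list_old_kernels and sample_listing are hypothetical, and the dpkg listing is constructed sample data.

```shell
#!/bin/sh
# Added example: pick removable kernel packages out of `dpkg --list` output.
# Usage on a real host:
#   dpkg --list 'linux-image*' | list_old_kernels "$(uname -r)"

# list_old_kernels RUNNING_VERSION   (reads the dpkg listing on stdin)
list_old_kernels() {
    running=$1
    # Refuse to list anything if the running kernel is unknown.
    [ -n "$running" ] || { echo "running kernel version required" >&2; return 1; }
    awk -v running="$running" '
        $1 != "ii" { next }                          # installed packages only
        $2 !~ /-[0-9]+\.[0-9]+\.[0-9]+-/ { next }    # skip meta packages with no kernel version in the name
        index($2, running) > 0 { next }              # fixed-string match: never list the running kernel
        { print $2 }
    '
}

# Constructed sample of `dpkg --list` output (not taken from a real host).
sample_listing() {
    cat <<'EOF'
||/ Name                                 Version        Architecture Description
ii  linux-image-4.4.0-103-generic        4.4.0-103.126  amd64        Linux kernel image
ii  linux-image-extra-4.4.0-103-generic  4.4.0-103.126  amd64        Linux kernel extra modules
ii  linux-image-4.4.0-104-generic        4.4.0-104.127  amd64        Linux kernel image
ii  linux-image-extra-4.4.0-104-generic  4.4.0-104.127  amd64        Linux kernel extra modules
rc  linux-image-3.19.0-25-generic        3.19.0-25.26   amd64        Linux kernel image
ii  linux-image-generic                  4.4.0.104.110  amd64        Generic Linux kernel image
EOF
}

# Demo on the constructed listing, with 4.4.0-104-generic as the running kernel.
sample_listing | list_old_kernels "4.4.0-104-generic"
```
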

force https

Backup your .htaccess file.

In the .htaccess file, add this to the top:

# Always use https for secure connections
# Replace 'www.example.com' with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Important! Replace www.example.com with your own domain name.

That should do it (worked for me).