Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Search results: ".htaccess" (page 1 of 2)

Security?

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

5 November 2018 / / 4 Comments

Apache Access Control done right, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Continue reading

HackRepair.com’s Bad Bots .htaccess in web.config for IIS

19 February 2016 / / 13 Comments

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

Continue reading

RewriteProxy with .htaccess in IIS

8 October 2015 / / 0 Comments

Rewrite and proxy HTTP requests in IIS using a .htaccess

In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.

Continue reading

Convert .htaccess to web.config

8 February 2013 / / 3 Comments

This post describes some of the IIS URL Rewrite equivalents of commonly used Apache .htaccess settings. This is useful when you want to convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess to web.config.

Continue reading

How to use .htaccess files on Windows Server IIS

28 December 2011 / / 5 Comments

Learn how to use .htaccess in Windows Server IIS. In this post I’ll provide you with some useful .htaccess URL rewrite examples. URL rewrite examples that you can use on Window Server IIS for your website.

Continue reading

7 Snippets to use .htaccess as a Web Application Firewall

3 August 2011 / / 2 Comments

.htaccess to secure your website

In this post I provide you with 7 .htaccess snippets to secure your website, by letting .htaccess act as a kind of Web Application Firewall (WAF). You can use this information to block out exploit- and rogue HTTP requests on your website.

Continue reading

How to: Protect WordPress from brute-force XML-RPC attacks

2 June 2017 / / 2 Comments

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Continue reading

Tips to speed up WordPress, serve gzip compressed static HTML files

5 September 2016 / / 7 Comments

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

Continue reading

How to optimize your WordPress hosting – 9+ practical tips

31 August 2016 / / 14 Comments

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimizing WordPress hosting post, I provide 9+ practical tips for you, to improve WordPress hosting performance. Especially useful if you plan to develop and host WordPress websites yourself.

Continue reading

WordPress advisory: Akal premium theme XSS vulnerability & abandonded

22 August 2016 / / 2 Comments

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

Continue reading
SSL Summary A plus

SSL Summary A plus

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

15 July 2016 / / 6 Comments

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading

Critical 0-day vulnerability in Joomla patched, update to 3.4.6 now!

14 December 2015 / / 0 Comments

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.

Continue reading

My WordPress web.config

22 June 2015 / / 17 Comments

Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on IIS enthusiast, so here is my web.config for your convenience (really, it’s not that special).

Continue reading

Secure WordPress uploads folder, disable PHP execution

19 April 2015 / / 1 Comment

The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on IIS web servers. It creates a web.config file for this purpose.

Continue reading
Joomla logo

Joomla Logo

Joomla websites abused as open proxy for Denial-of-Service attacks

16 November 2014 / / 1 Comment

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis…

Continue reading
« Older posts

Navigation

Also visit:

ITFAQ.nl
WordPress hosting, ASP.NET & ASP.NET Core hosting - @Vevida
Reilink.nl

Top search keyphrases

  • iis redirect http to https
  • appcmd
  • list spn
  • 2008 iis server gpo policy recommendations
  • setspn list
  • wsuspool keeps stopping
  • iis hsts header
  • dism disk cleanup
  • hide iis server name
  • sleep command mysql
  • asp.net sql server connection example
  • certificate error the underlying connection was closed could not establish trust relationship for the ssl/tls secure channel.
  • determine .net version installed
  • set app pool recycle time
  • forfiles recursive delete
  • no hsts on 500 response
  • windows server file share cleanup
  • powershell exit set exit message
  • powershell extract non zip
  • powershell remove spn
  • ssh tunnel for rdp windows10
  • powershell exit code
  • windows server 2012 r2 disk cleanup issues
  • hide php extension iis url rewrite
  • putty tunnel 3389
  • http strict transport security hsts header to the https responses
  • asp.net max url length
  • migrate kms host to another server
  • error [] operator not supported for strings [] operator not supported for strings
  • rdp over ssh
  • powershell file attributes

25 Most Popular Tags

.htaccess ASP.NET Bash IIS Joomla linux MySQL optimization performance PHP plugin PowerShell security SMTP SQL Server SSL URL Rewrite web.config web application security website WinCache Windows Windows 10 WordPress XSS

Top 15 entry posts

Disk Cleanup in Windows Server | List all SPNs used in your Active Directory | Remove IIS Server version HTTP Response Header | Tunnel RDP through SSH & PuTTY | 5 Extra ways to clean up disk space in Windows Server | Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1 | MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated! | How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10 | WsusPool keeps crashing: stops again and again | "The length of the URL for this request exceeds the configured maxUrlLength value" | PowerShell return value, exit code, or ErrorLevel equivalent | How to redirect HTTP to HTTPS on IIS | How to hide the .php file extension with IIS URL Rewrite Module | Enable NTFS long paths in Windows Server 2016 by Group Policy | Fix "Could not establish trust relationship for the SSL/TLS secure channel" error

© 2019 Sysadmins of the North

Theme by Anders NorenUp ↑

LQtO sI FUP k I MLOg