Disallow direct access to PHP files in wp-content/uploads/
Secure wp-content/uploads in Linux Apache and Windows Server IIS
Check WordPress Core files integrity
Check WordPress integrity, verify WordPress Core files md5 checksums against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.
HackRepair.com’s Bad Bots .htaccess in web.config for IIS
Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is: learn to protect your WordPress website with this web.config file!
My WordPress web.config
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on Windows Server IIS enthusiast, so here is my web.config for your convenience (really, it’s not that special).
Secure WordPress uploads folder, disable PHP execution
Deny direct access to PHP files in wp-content/uploads/
Exploit PHP’s mail() to get remote code execution
Exploit PHP’s mail() function to perform remote code execution, under rare circumstances.
Grep for forensic log parsing and analysis on Windows Server IIS
How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I’ll give some real-life examples of using these ported GnuWin tools like grep.exe for log file analysis on Windows servers. The article provides three examples, as an alternative to LogParser, because finding spam scripts fast is often very important.
7 Snippets to use .htaccess as a Web Application Firewall
Here are 7 .htaccess snippets for you to secure your website, by using .htaccess as a Web Application Firewall (WAF). You can use this information to block exploits and rogue HTTP requests on your website.