HackRepair.com’s Bad Bots .htaccess in web.config for IIS

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

My WordPress web.config

Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on Windows Server IIS enthusiast, so …

Read more

WordPress 3.5 on IIS 8.0 is unable to save a web.config file

This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don’t need to change my permalinks structure, or save any other plugin setting which would want write to a web.config file. …

Read more

Convert .htaccess to web.config

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.

How to optimize Umbraco 8 performance

Umbraco logo blue

Learn how to optimize a site running Umbraco 8 with a Microsoft SQL Server database back-end.

Out of the box, Umbraco is a well built and pretty fast content management system. However, it is important you perform some steps to further optimize Umbraco’s performance and loading speed. Here on Sysadmins of the North, I wrote about “11+ tips to optimize Umbraco CMS” earlier, and in this post I write about implementing them. On a just installed and running website.

3 Ways of blocking sendmail.php on IIS webserver

Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for …

Read more

Install and setup IIS Manager for Remote Administration in Windows Server IIS

IIS Manager for Remote Administration in Windows 10

Learn how to install and configure IIS Manager for Remote Administration of your Windows Server IIS web server, in Windows 10. You can use IIS Manager to administer various components of your website through a graphical user interface (GUI), if it’s hosted in IIS.

Disallow direct access to PHP files in wp-content/uploads/

Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Secure wp-content/uploads in Linux Apache and Windows Server IIS It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows …

Read more

Basic Authentication module for Windows Server IIS 10

HTTP Basic authentication

Basic Authentication managed HTTP module for IIS 10 with virtual users support In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It’s apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for …

Read more

How to: Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able …

Read more

Tips to speed up WordPress, serve gzip compressed static HTML files

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler …

Read more

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

HTTPS for WordPress

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

Show Buttons
Hide Buttons