Block bad bots in WIndows Server IIS using web.config. Learn to protect your WordPress website with this web.config file!
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to … Read More
WordPress 3.5 on IIS 8.0 is unable to save a web.config file because of a hard IIS version check in wp-includes/vars.php. Quick fix available here.
This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you convert your Apache .htaccess to IIS web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.
Out of the box, Umbraco is a well built and pretty fast content management system. However, it is important you perform some steps to further optimize Umbraco’s performance and loading speed. Here on Sysadmins of the North, I wrote about “11+ tips to optimize Umbraco CMS” earlier, and in this post I write about implementing them. On a just installed and running website.
Here are 3 ways of blocking access to a PHP sendmail.php script on your Windows Server IIS webserver. This comes in handy if a websites on your webserver sends out spam and you need to block access to a script on a specific website or globally in IIS. You can use a web.config file for this purpose, and here is how.
Learn how to install and configure IIS Manager (InetMgr) for Remote Administration of your Windows Server IIS web server, in Windows 10. You can use IIS Manager to administer various components of your website through a graphical user interface (GUI), if it’s hosted in IIS. This post also shows how to install IIS Web Management Service (WMSVC) on Server Core using PowerShell.
It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how.
Basic Authentication managed HTTP module for IIS 10 with virtual users support. In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It’s apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.
The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.
Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. … Read More