Learn how to enable HSTS (HTTP Strict Transport Security) in Linux Apache .htaccess. I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.
Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. Apache Access Controle done right in WordPress .htaccess.
How to protect your WordPress from brute-force XML-RPC attacks, because the WordPress XML-RPC API has been under attack for many years now.
Learn to protect your WordPress website with this web.config file on Windows Server IIS. Block IP addresses, bad bots, query string sequences
How to identify, block, mitigate and leverage xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.
Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the "Server:" header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?.
In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.
This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. You'll learn how to translate .htaccess content to IIS web.config, this is useful when you need to migrate your website from Apache to Windows Server IIS.
