featured article
Blocking bad bots and search engines using .htaccess
Latest articles
.htaccess
Force HSTS in Apache .htaccess
2020-12-18
Learn how to enable HSTS (HTTP Strict Transport Security) in Linux Apache .htaccess. I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.
.htaccess security best practices in Apache 2.4.6+
2018-11-05
Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. Apache Access Controle done right in WordPress .htaccess.
Protect WordPress from brute-force XML-RPC attacks
2017-06-02
How to protect your WordPress from brute-force XML-RPC attacks, because the WordPress XML-RPC API has been under attack for many years now.
SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
2016-07-15
Move WordPress to HTTPS correctly. Learn the Site Health switch, database search and replace, IIS/Apache redirects, HSTS hardening, and OpenSSL verification.
HackRepair.com’s Bad Bots .htaccess in web.config for IIS
2016-02-19
Learn to protect your WordPress website with this web.config file on Windows Server IIS. Block IP addresses, bad bots, query string sequences
Huge increase in WordPress xmlrpc.php POST requests
2014-07-07
How to identify, block, mitigate and leverage xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.
Remove IIS Server version HTTP Response Header
2014-07-06
Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the "Server:" header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?.
Redirect HTTP to HTTPS
2013-03-13
In this post I provide you various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache. Use these examples to your advantage to secure the traffic between your visitors and your website.
Create your own PHP based Origin Pull CDN
2013-02-17
The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider.
Convert .htaccess to web.config
2013-02-08
This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. You'll learn how to translate .htaccess content to IIS web.config, this is useful when you need to migrate your website from Apache to Windows Server IIS.
How to use .htaccess files on Windows Server IIS
2011-12-28
Learn how to use .htaccess in Windows Server IIS. Before IIS 7 and the URL Rewrite module, you had to rely on third party extensions to IIS for URL rewriting with .htaccess files.