Yesterday, I showed you how to block IP addresses in Windows Firewall using PowerShell. This comes in particularly handy when blocking brute-force IP addresses. In this short post I’ll show you how to bulk add IP addresses in Windows Firewall, list an IP address and how to remove all IP addresses from Windows Defender Firewall with Advanced Security.
…How to add, list and remove IP addresses in Windows FirewallRead More »
This PowerShell solution blocks IP addresses that are trying to brute force your SQL Server logins, by blocking IP addresses in Windows Defender Firewall with Advanced Security. For the time being, some manual labor is involved, but it is still manageable. You can use this to create your own solution to block offending IP addresses in SQL Server’s firewall.
…Long story short: During the transition of antivirus software to Windows Defender Antivirus (WinDefend), I don’t want Windows Defender remediation on threats it might find. Later, when I have more information about potential threats, I can always choose to remediate that threat, e.g. quarantaine or remove it. Unfortunately, there is no PowerShell cmdlet to configure this. Here is how to (temporarily) turn off routine remediation.
…Don’t want to copy over your ssh keys from Windows to WSL Linux? Or generate new ones? Then share your Windows OpenSSH key with WSL! The OpenSSH config gives you the option to share keys using an IdentityFile directive. Here is how you can share your keys between Windows 10 and WSL.
…This is how I resolved the error message “Get-MpComputerStatus : The extrinsic Method could not be executed.“, in my specific situation.
…How-to fix “Get-MpComputerStatus : The extrinsic Method could not be executed.”Read More »
If you want to quickly delete all saved Remote Desktop credentials from your Windows 10 Credentials Manager, here is how:
…Delete saved RDP credentials from Windows 10 Credentials Manager, using cmdkeyRead More »
I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.
…Protect your privileged admin credentials!
Microsoft has published guidance on the easiest way to secure privileged access in Windows Server.
…
Show the number of registered WordPress users in At-a-Glance widget
Often when a WordPress site is compromised, the website owner doesn’t notice anything strange at first. First a lot of users are created, and it’s only later when posts filled with spam are created or existing pages/posts edited. In the time between compromise and creation of spam posts, a website owner might notice an increased number of users. If he has the means to. And that’s what this little plugin does.
…Count and display number of WordPress users in your DashboardRead More »
On a daily bases, new vulnerabilities are found in WordPress plugins. And when you host thousands of WordPress sites, you can count on the fact you have some customers using that vulnerable version of that particular plugin. So you need to find those vulnerable versions on your servers fast. On Windows Server, PowerShell is a perfect tool for the job!
…Find vulnerable WordPress plugin versions fast using PowerShellRead More »
Secure wp-content/uploads in Linux Apache and Windows Server IIS
It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how.
Disallow direct access to PHP files in wp-content/uploads/Read More »
Create a random string in Bash easily. You can use this Bash function in your .bashrc file to generate a random alphanumeric string. This comes in handy when you need to generate a long, secure password for example. Adjust to your needs.
Bash function to generate a random alphanumeric stringRead More »
How to create an IP restrictions allow list for your IIS FTP Server with Powershell.
When you set up a new public facing FTP server in IIS, it is important to properly secure it. Of course there’s authentication and authorization, but in this post I’ll show you how to configure an IP allow list for FTP using PowerShell.
…Whenever WordPress is using a lot of CPU and you have Wordfence Security plugin enabled, it is recommended to double check some settings. Unfortunately the Wordfence “Live Traffic Options” (“Traffic logging mode”) feature can cause high CPU usage and load issues for WordPress websites. Therefore, I recommend you disable this feature to improve the performance of your WordPress website.
…Reduce Wordfence CPU usage, disable Wordfence “Live Traffic View”Read More »
Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’
Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…
…WordPress .htaccess security best practices in Apache 2.4.6+Read More »
