Configure your local Postfix to relay through a transactional email service

Using Postfix with specialized, transactional email services like SendGrid or Mandrill is excellent for not only for optimizing email deliverability, but they usually also offer some nice features.

Continue reading “Configure your local Postfix to relay through a transactional email service”

Two Factor Authentication for WordPress

If you’re using a strong password, brute-forcing is a very inefficient way of breaking into your WordPress account, and if it is really strong, dictionary attacks won’t help much either. However, there are are other, easier, ways for a mischievous person to get their hands on your login credentials e.g. with phishing, keyloggers or a MITM attack. By using a two-factor solution, you will increase your login security by an order of magnitude.Continue reading “Two Factor Authentication for WordPress”

HTTP Public Key Pinning (HPKP)

Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine.Continue reading “HTTP Public Key Pinning (HPKP)”

Running HHVM with fallback to PHP-FPM

HHVM can really speed up your PHP-based web site. Most reports are somewhere in the range of 2–4x faster. Unfortunately, HHVM isn’t very stable and will suddenly die, just of the blue, from time to another. Fortunately, if you’re running Nginx it’s really easy to set up PHP-FPM as a fallback.Continue reading “Running HHVM with fallback to PHP-FPM”