Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine.Continue reading “HTTP Public Key Pinning (HPKP)”
I always run the latest LTS version of Ubuntu on all my servers. Currently the latest LTS is 14.04 which comes with PHP version 5.5, but as of November 2014, the latest stable version is 5.6. So how do you get an updated, current version of PHP without resorting to having to maintain the packages yourself? The answer is in PPA.Continue reading “Install latest version of PHP on Ubuntu”
If you have a static IP address, like from your own VPN, it is very easy to increase your security tremendously. Simply restrict all logins to that IP address.
Continue reading “Restricting access to WordPress login by IP address”