WordPress Hardening & Security Tips

A quick list of common and popular WordPress security tips for defending against automated, scripted attacks. Wasted server resources translate into slower websites and a poor user experience.

Securing WordPress Login

Limit the number of attempts against the login page with a plugin. One of our favorites is:

Cerber Security & Limit Login Attempts

Protect User Enumeration

Bots can harvest your usernames. The following plugin stops them from doing so.

Stop User Enumeration

WordPress Firewall Plugin

Bots looking for weaknesses to exploit can be stopped with BBQ: Block Bad Queries. This is a simple ‘set it and forget it’ WordPress plugin, and a great way to keep invalid requests from wasting server resources.

BBQ: Block Bad Queries

WordPress Firewall with .htaccess

Alternatively, one can set up a firewall directly within the .htaccess file, without having to use a plugin.

6G Blacklist is a definitive source of information for setting up a firewall via the .htaccess file:

https://www.perishablepress.com/6g/

Ban IP Addresses

A ready-to-go plugin for banning IP addresses:

WP-Ban

Scan for Exploits and malicious code

This plugin searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It scans your posts, pages, plugins and comments.

Exploit Scanner

Laravel Quick Set Up Notes

We’d love to cover the development environment setup for Laravel, but time is limited and there are too many options.

Think DigitalOcean, Homestead, localhost, etc. for setting up a local or online development environment. There are many tutorials online for this.

Here we simply list the code snippets we use on the command line when tinkering with Laravel (as it’s hard to commit them all to memory).

Installation

Install Laravel command line installer

composer global require "laravel/installer"

Create a new project

composer create-project laravel/laravel project_name --prefer-dist

Scaffold authentication system

php artisan make:auth

Database

Make:migration – create a database table

php artisan make:migration create_some_table --create=some_table

Add fields to table from new migration

$table->string('title');
$table->string('url')->unique();
$table->text('description');

Review .env file for database settings

DB_DATABASE=***
DB_USERNAME=***
DB_PASSWORD=***

Save & run migration

php artisan migrate

Should create:

  1. users table
  2. password resets table
  3. new custom table

Views

If you use Sublime Text, install Package Control first. Once done, search for a Blade syntax highlighter from the command palette.

Create Controller

Using Artisan:

php artisan make:controller YourControllerName
php artisan make:controller YourControllerName --resource   # RESTful (resource) controller