
Protecting your WordPress site from Internet Scum

I've been running my web server and WordPress site for nearly a couple of years now. My go-to plugins for protection are:

Antispam Bee - which allows me to leave blogs open for comments, in case someone would ever want to ask something or start a discussion. However, I've found I only seem to get spam bots. Having to check all the messages is a pain, so I've also changed the WordPress settings to automatically close comments on articles older than 10 days.

Shield - If the term "hackers" means anything to you, then this is "the security plugin" you need to have. Just look at the number of attempts to access my site.

30k login blocks and 3k IP bans

Recently the login attempts seem to have been spiralling upwards. With this many automated attempts, you can't feel safe, and I've been thinking for a while that it's only a matter of time until they find a zero-day vulnerability.

My first attempt was to block my wp-admin folder, where the admin area of WordPress is, but it turned out to be a bad idea. What I didn't realise is that there are some AJAX functions there which are needed by other parts of my site, such as the booking system. Thankfully, someone was kind enough to inform me about the problem 😉

Password Protect wp-login.php

Step 1: Create a .htpasswd file, following the Apache documentation. For extra security, use a username that is difficult to guess.

htpasswd -c /var/www/clouded.ch/html/.htpasswd neil

Step 2: Create or add to the .htaccess file (using a text editor).

<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

<Files wp-login.php>
AuthUserFile /var/www/clouded.ch/html/.htpasswd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>
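
To confirm from the outside that the two steps above behave as intended, and that the AJAX endpoint under wp-admin that broke in the first attempt stays reachable, here is an added check script (not part of the original post). The script name, function names and base URL are assumptions; the paths are the WordPress and Apache defaults.

```sh
#!/bin/sh
# Added example, not from the original post. Run it against your own site:
#   sh check-wp-lockdown.sh https://example.invalid   (hypothetical name and URL)
# Use the https:// address so a redirect does not mask the real status.

# verdict PATH STATUS -> prints "ok" or "FAIL: <reason>"
verdict() {
  case "$1:$2" in
    *:000) echo "FAIL: no HTTP response" ;;
    # Basic auth must challenge an unauthenticated request to the login page.
    /wp-login.php:401) echo ok ;;
    /wp-login.php:*) echo "FAIL: login page not password-protected (status $2)" ;;
    # The password file sits in the web root, so it must never be served.
    /.htpasswd:403|/.htpasswd:404|/.htaccess:403|/.htaccess:404) echo ok ;;
    /.htpasswd:*|/.htaccess:*) echo "FAIL: .ht file is not denied (status $2)" ;;
    # Other parts of the site (the booking system in the post) call this anonymously.
    /wp-admin/admin-ajax.php:401|/wp-admin/admin-ajax.php:403)
      echo "FAIL: AJAX endpoint is blocked (status $2)" ;;
    /wp-admin/admin-ajax.php:*) echo ok ;;
    *) echo "FAIL: no rule for $1" ;;
  esac
}

# probe BASE PATH -> HTTP status of an unauthenticated GET (000 if no answer)
probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1$2"
}

# audit BASE -> one line per path; exit status 1 if any check fails
audit() {
  rc=0
  for path in /wp-login.php /.htpasswd /.htaccess /wp-admin/admin-ajax.php; do
    status=$(probe "$1" "$path")
    result=$(verdict "$path" "$status")
    printf '%-26s %s  %s\n' "$path" "$status" "$result"
    [ "$result" = ok ] || rc=1
  done
  return "$rc"
}

if [ -n "${1:-}" ]; then
  audit "$1"
else
  # No URL given: show verdicts for constructed sample statuses (not real measurements).
  for sample in /wp-login.php:200 /.htpasswd:403 /wp-admin/admin-ajax.php:401; do
    printf '%s -> %s\n' "$sample" "$(verdict "${sample%%:*}" "${sample##*:}")"
  done
fi
```

Re-run it after every change to .htaccess; a failing admin-ajax.php line is the same breakage described above for the wp-admin block.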

Good luck with protecting your sites...


Goodbye Google Analytics

I don’t remember the exact blog post I read that prompted me to remove Google Analytics just now; of course, it was another one of those concerned with privacy.

The point here is that if you have a WordPress site, there are good plugins, like WP Statistics, that can help you with statistics, so you know what content is doing well without having to compromise the personal information of your online visitors.

Example of WP Statistics on https://clouded.ch site.

Having a count of the popular pages, the number of visitors and referral sites is more than enough information for me. You can drag and drop the panels, so the information you want to see is at the top. I like it a lot more than Google Analytics.

An extra tweak I made on my WP tracking included masking the IP addresses.

So, now I no longer need to worry about the next WordPress update wiping my tracking code because I no longer need it anyway.