WP Security Considerations

My Short Story on Hardening WordPress

  • Use and require long passwords with upper and lower case letters, numbers and special characters
  • Limit user registration
  • Use a good hosting site and current versions of Linux, PHP, MySQL, etc., and make sure they are kept updated
  • Know the vendors of your Themes, Plugins and Widgets
  • Install to a different directory than the default
  • Change the default database prefix
  • Configure a set of “Authentication Unique Keys and Salts” in wp-config
  • Don't use admin, root, etc. for usernames
  • Do your own scans of the PHP and JavaScript files, etc.
  • Lock down the uploads directory and comments
  • Stay current; make sure it is doing auto updates
  • Lock down PHP: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
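As an added example (not from this page or from WordPress itself), a small Python helper for the "Authentication Unique Keys and Salts" item: it generates the eight wp-config.php define() lines from the OS CSPRNG and audits an existing wp-config.php for keys that are missing, still the sample-file placeholder, reused, or short. The placeholder text and the 64-character length follow wp-config-sample.php and the official key generator; the character set is my assumption.

```python
import re
import secrets
import string

KEY_NAMES = ('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
             'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT')
PLACEHOLDER = 'put your unique phrase here'   # value shipped in wp-config-sample.php
# Assumed character set: printable ASCII minus the three characters that would
# break a PHP single-quoted string literal.
ALPHABET = ''.join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in '\'"\\')
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\);")


def random_key(length=64):
    """One key from the OS CSPRNG via secrets; never use random.random() for this."""
    return ''.join(secrets.choice(ALPHABET) for _ in range(length))


def salt_block():
    """The eight define() lines to paste into wp-config.php."""
    return '\n'.join(f"define('{name}', '{random_key()}');" for name in KEY_NAMES)


def audit_salts(wp_config_text, min_len=64):
    """List every key that is missing, still the placeholder, too short,
    or reused for another key; an empty list means the block is sane."""
    found = {m.group(1): m.group(2) for m in DEFINE_RE.finditer(wp_config_text)}
    problems, seen = [], {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems.append(f'{name}: missing')
        elif value == PLACEHOLDER:
            problems.append(f'{name}: default placeholder')
        elif len(value) < min_len:
            problems.append(f'{name}: too short ({len(value)})')
        elif value in seen:
            problems.append(f'{name}: same value as {seen[value]}')
        else:
            seen[value] = name
    return problems


if __name__ == '__main__':
    block = salt_block()          # fresh keys to paste into wp-config.php
    print(block)
    print('audit:', audit_salts(block) or 'ok')
```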

I use the Wordfence security plugin
I am evaluating Sucuri

I use BackWPup

Use SSL. Here is a place you can get a free certificate: https://letsencrypt.org/
OWASP (the Open Web Application Security Project) maintains a list of web site security scanners.

I use Dashboard Widgets Suite by Jeff Starr; it has a security tab for some of the common things:

  • Register Globals: Disabled
  • Safe Mode: Disabled
  • Display Errors: Disabled
  • allow_url_include: Enabled
  • allow_url_fopen: Enabled
  • Magic Quotes: Disabled
  • Server Signature: Enabled
  • WP Unique Keys: Enabled
  • mod_security: Not Installed
  • open_basedir: Disabled
  • upload_tmp_dir: /tmp
  • expose_php: Disabled

Read this: WP Codex: “Hardening WordPress”

More from Jeff Starr's book The Tao of WordPress
Example .htaccess for the uploads directory

# secure uploads directory
# first deny every file name that contains a dot ...
<Files ~ ".*\..*">
Order Allow,Deny
Deny from all
</Files>
# ... then re-allow only the media extensions that belong in uploads
<FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff|mov|wmv)$">
Order Deny,Allow
Allow from all
</FilesMatch>

Note: you need an .htaccess in the parent directory as well; buy the book for more!
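To see what those two sections actually do, here is an added Python simulation (not from the book or the page) of how Apache decides access for a name in the uploads directory: <Files> and <FilesMatch> sections apply in the order they appear, a later matching section replaces the earlier one's access rules, and a name matching no section keeps the server default. The sample names are constructed.

```python
import re

# Section 1 of the .htaccess above: any name containing a dot -> denied.
# Section 2: names ending in a whitelisted image/video extension -> allowed.
# Apache regexes are case-sensitive unless the pattern starts with (?i).
UPLOAD_SECTIONS = [
    (re.compile(r".*\..*"), "deny"),
    (re.compile(r"\.(jpg|jpeg|jpe|gif|png|tif|tiff|mov|wmv)$"), "allow"),
]


def uploads_access(filename, sections=UPLOAD_SECTIONS):
    """Return 'allow' or 'deny' for one basename, applying sections in file
    order; the last matching section wins and no match keeps the default."""
    decision = "allow"
    for pattern, result in sections:
        if pattern.search(filename):
            decision = result
    return decision


def classify(filenames):
    """Map each constructed sample name to the decision the rules produce."""
    return {name: uploads_access(name) for name in filenames}


SAMPLE_NAMES = ["photo.jpg", "clip.mov", "script.php", "notes.txt",
                "PHOTO.JPG", "README"]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLE_NAMES).items():
        print(f"{name:12} {verdict}")
```

PHOTO.JPG ends up denied because the whitelist regex is case-sensitive, and README (no dot) is matched by neither section, so it keeps the server default.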

My parent directory .htaccess

DirectoryIndex index.php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds.
<FilesMatch "^.*(debug\.log|error_log|wp-config\.php|php\.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>

# BEGIN gmgj per TAO

# [5G] BLOCK BAD BOTS
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu|grimreaper) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>

# END gmgj per Tao

 

Example Aside

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui

Test Stuff

Stuff
⇑ My internal anchor named "Stuff" displays like what you see above ⇑

This is the HTML code:
<a name="stuff" id="stuff">Stuff</a><br>

This is how you link to a specific part of a page:
<a href="https://cookdotcom.com/test-stuff/#stuff">https://cookdotcom.com/test-stuff/#stuff</a>

Try it: go to Stuff2, below.

Using links and abbr: examples and code:
abbr example
Gain valuable safety training with this 1.5 day OSHA Outreach Construction 10-hour class issuing DOL cards.

link example
Gain valuable safety training with this 1.5 day OSHA Outreach Construction 10-hour class issuing DOL cards.

HTML code
Gain valuable safety training with this 1.5 day OSHA Outreach Construction 10-hour class issuing <abbr title="Department of Labor">DOL</abbr> cards.

Gain valuable safety training with this 1.5 day OSHA Outreach Construction 10-hour class issuing <a href="https://www.usfosha.com/osha-articles/osha-cards.aspx">DOL</a> cards.

To convert your HTML code into entities so that it shows special characters, paste your HTML at the following link: https://mothereff.in/html-entities

It converts the text to HTML entities, or in other words translates an HTML reserved character like "<" to "&#x3C;", so when you paste it into the WordPress text editor it shows as code instead of being interpreted as an HTML tag.

The entity converter usually produces XML-style numeric character references such as &#x26;; however, there are alternate representations for the same characters.
{Note: the WordPress editor can do some automatic conversions for you; the following codes have spaces between them to prevent this conversion.}
& # x 2 6 ;
& # x 3 8 ;
& a m p ;
are all the ampersand.
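As an added Python example (not from the page or from the mothereff.in tool), here is the conversion described above plus a check that the three ampersand spellings decode to the same character; this is the same encoding output escaping relies on to keep user-supplied text from being parsed as markup. The sample snippet is the anchor markup from the Test Stuff section.

```python
import html

# The characters HTML reserves for markup; the converter rewrites each one as
# a hexadecimal numeric character reference such as &#x3C; for "<".
RESERVED = '<>&"\''


def to_hex_entities(text):
    """Encode reserved characters only, in one pass, so nothing is double-encoded."""
    return ''.join(f'&#x{ord(c):X};' if c in RESERVED else c for c in text)


def from_entities(text):
    """Decode any entity form (named, decimal or hex) back to characters."""
    return html.unescape(text)


def same_character(*entities):
    """True when every entity string decodes to the same single character."""
    decoded = {from_entities(e) for e in entities}
    return len(decoded) == 1 and len(next(iter(decoded))) == 1


# Constructed sample: the anchor markup from the "Test Stuff" section.
SNIPPET = '<a name="stuff" id="stuff">Stuff</a><br>'

if __name__ == '__main__':
    encoded = to_hex_entities(SNIPPET)
    print(encoded)                                   # safe to paste into the text editor
    print(from_entities(encoded) == SNIPPET)         # round trip is lossless
    print(same_character('&#x26;', '&#38;', '&amp;'))
```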


Stuff2

Example Formatting – Standard Post

Standard Post

Structured Text

EM: Indicates emphasis.
STRONG: Indicates stronger emphasis.
CITE: Contains a citation or a reference to other sources.
DFN: Indicates that this is the defining instance of the enclosed term.
CODE: Designates a fragment of computer code.
SAMP: Designates sample output from programs, scripts, etc.
KBD: Indicates text to be entered by the user.
VAR: Indicates an instance of a variable or program argument.

ABBR: Indicates an abbreviated form. Pass your Mouse Over the item WWW

ACRONYMs have a dotted line around the word. Pass your mouse over the item; a ? will show at the mouse cursor and a tooltip will pop up!

How is an acronym coded?

examples of bold , italic , bold italic , teletype text big small quote
The following line has the tags without an enclosing p:

bold , italic , bold italic , teletype text big small quote

Custom CSS and HTML

The following are done with inline styles

Clear Cache
Bless Device
Caress Device
Shutdown and Power Off Device
Do the Dance of the Backward Bits
Cross Every Finger
Stroke Your Lucky talisman
Stand on One Foot and Rub Your Belly
Swing a rubber chicken over your head 3 times
Turn on Device
Uncross and then Recross Every Finger
Say : Good Computer, Nice Computer, Please Help Me Wondrous Machine
Try it again
Really folks, blow the dust out, try a different cable, try a different computer, reboot, unplug it, try a few simple things first.

There are MUCH smarter and healthier things to do than use Marijuana for recreation.
But when compared to alcohol and tobacco, Marijuana is unequivocally the lesser evil.

(\ /)
(O.o)
(> <)

The following are done with custom classes in the child theme

blockquote {
border-left: 5px solid #1f567d;
margin: 0 0 30px;
padding: 15px 30px;
}

https://garyjohnson53.wordpress.com/2016/03/03/resume-update/


I sometimes use this typographic type effect for the start of somewhat longer narrative. It usually signifies that you might have to think about this for a second.

Paragraphs start out indented.  To format multiple lines within a p I have to use a &nbsp; and a space to get the spacing correct, like this and the following line.  The last line of this paragraph will not have a &nbsp; and I bet it will only have one space between the period and the next sentence. I have two spaces before this but no  .

 

CBError messages in this color

CBError warnings and unexpected or different informational messages in this color


Three D text

EGADS
There has been an error!

see my wp 404 error
table coding for wordpress/