The goal of this post is to harden your WordPress dashboard by preventing logins from countries where you know you will never be connecting. Since brute-force login attempts may still originate from an allowed country, it would be wise to combine this with other tools like fail2ban or one of the numerous plug-ins that add… Continue reading Restrict Access to WordPress with Nginx and GeoIP
Category: Web Servers
Automatically Update WordPress, Themes, and Plugins using WP-CLI
WordPress is a hugely popular blog/CMS platform, but with widespread adoption comes risk: It is a common target for hackers, exploits, etc. Accordingly, you should make sure it gets regular updates. WordPress has a built-in update mechanism but this also requires that its PHP files be writable by the web server, introducing a new set… Continue reading Automatically Update WordPress, Themes, and Plugins using WP-CLI
File ownership considerations with Nginx and php-fpm
I recently switched my CentOS 7 web server over to Nginx and php-fpm. From my experience with Apache I assumed that PHP scripts would be executed by the same user the web server is running as — ‘nginx’ in this case. But this could no longer be taken for granted since php-fpm is a separate… Continue reading File ownership considerations with Nginx and php-fpm