Mastodon discoverability on your domain using the nginx location directive

tl;dr: Puts the .well-known/webfinger content in your server config instead of the filesystem. This setup is inspired by Maarten Balliauw‘s Mastodon on your own domain without hosting a server. Please read the linked post for details. The general idea is you can create a special file on your website that allows people to find you… Continue reading Mastodon discoverability on your domain using the nginx location directive

Restrict Access to WordPress with Nginx and GeoIP

The goal of this post is to harden your WordPress dashboard by preventing logins from countries where you know you will never be connecting. Since brute-force login attempts may still originate from an allowed country, it would be wise to combine this with other tools like fail2ban or one of the numerous plug-ins that add… Continue reading Restrict Access to WordPress with Nginx and GeoIP

Automatically Update WordPress, Themes, and Plugins using WP-CLI

WordPress is a hugely popular blog/CMS platform, but with widespread adoption comes risk: It is a common target for hackers, exploits, etc. Accordingly, you should make sure it gets regular updates. WordPress has a built-in update mechanism but this also requires that its PHP files be writable by the web server, introducing a new set… Continue reading Automatically Update WordPress, Themes, and Plugins using WP-CLI

File ownership considerations with Nginx and php-fpm

I recently switched my CentOS 7 web server over to Nginx and php-fpm. From my experience with Apache I assumed that PHP scripts would be executed by the same user the web server is running as — ‘nginx’ in this case. But this could no longer be taken for granted since php-fpm is a separate… Continue reading File ownership considerations with Nginx and php-fpm