Restrict Access to WordPress with Nginx and GeoIP

The goal of this post is to harden your WordPress dashboard by preventing logins from countries where you know you will never be connecting. Since brute-force login attempts may still originate from an allowed country, it would be wise to combine this with other tools like fail2ban or one of the numerous plug-ins that add… Continue reading Restrict Access to WordPress with Nginx and GeoIP

Automatically Update WordPress, Themes, and Plugins using WP-CLI

WordPress is a hugely popular blog/CMS platform, but with widespread adoption comes risk: It is a common target for hackers, exploits, etc. Accordingly, you should make sure it gets regular updates. WordPress has a built-in update mechanism but this also requires that its PHP files be writable by the web server, introducing a new set… Continue reading Automatically Update WordPress, Themes, and Plugins using WP-CLI

File ownership considerations with Nginx and php-fpm

I recently switched my CentOS 7 web server over to Nginx and php-fpm. From my experience with Apache I assumed that PHP scripts would be executed by the same user the web server is running as — ‘nginx’ in this case. But this could no longer be taken for granted since php-fpm is a separate… Continue reading File ownership considerations with Nginx and php-fpm