Weekend Stuff

The weekend begins with Coffee & Cookies …
and logfile analysis …. probably one of the most annoying tasks to start the weekend with, but
putting it off unfortunately does not get it done


Do You Speak emoji?

on a wannabe secure WordPress site

For starters, yes, I know that this language is one of the fastest growing languages. But do we care on a WordPress site?

🙂 😉 🙁 😐

Yes, I am kind of old school, and no, I don’t speak emoji, and that’s the bottom line. So when you are gonna try to get rid of the emoji stuff, you can use a plugin or do some coding in functions.php; both ways are gonna work somehow. The bright side is there will be no hassle when it somehow comes down to #GDPR and third-party requests in the future.

And when you are going down that road of SEO with your own WordPress site, you will soon be in love with everything that improves the pagespeed of your site. As far as my pages and sites are involved, I try to avoid as many plugins as I can to keep it easy, slim and simple. Small is not appropriate for a CMS like WordPress.

🙂 D-‘: D:< D: D8 D; D= DX 😐

So on our projects we do it old school 😉


Web Application Firewall for WordPress

Do we all need a Web Application Firewall?

Really, what is this WAF (web application firewall) doing for me? Simple as that: it creates a set of rules designed to protect your website. A Web Application Firewall (WAF) is a tool that looks at the information in an HTTP request and blocks the request if it is malicious. This prevents malicious requests that try to exploit vulnerabilities in applications such as WordPress from reaching the vulnerable code.

That means blocking unwanted web traffic from accessing your site and protecting against some kinds of hacks: brute force attacks, DDoS attacks, cross-site scripting, SQL/PHP/Code Injection, Cache Poisoning, HTTP Response Splitting, Directory Traversal, File Injection/Inclusion, Null Byte Injection, WordPress exploits (such as revslider, timthumb, fckeditor), exploits (such as c99shell, phpshell, remoteview, site copier), PHP information leakage and a range of malicious requests, bad bots, spam, and other nonsense.

And when you are thinking, “My Website Isn’t a Target for a Hack”: oh yeah, maybe.

The bottom line: no matter how unlikely you think a hack on your website might be, the website itself is a potential target, just because it’s out there. HTTPS isn’t enough, and these days the same goes for strong passwords, 2FA and certificates too.

Always Remember!
“it’s a hostile world, be prepared to fight”


#WordPress Login

username or email flanked with 2FA #GDPR

As a matter of fact, there is more to do than typing in a username and a password to get some kind of close-to-#GDPR-compliance feeling or recommendation. I strongly get the feeling that state-of-the-art #GDPR will soon be a real pain in the ass for all of us using software for making things happen. Think about it!

Be honest with yourself: is protecting a login with username and password enough these days? Surely not, so use a 2nd factor for authentication and get yourself and your clients some kind of a state-of-the-art protected feeling.

As far as I’ve seen it here, #WordPress allows you to choose between your username and your email for login. Well, there is no easy way out unless you use some kind of LDAP service to manage that struggle. On the other hand, you can force your users to write down their usernames for 429 login applications, cuz they will not memorize them, or let them use their email and their email only for login. Always supported or flanked by a 2FA.

The only thing you have to do is tamper a little bit with the code in your child theme.

The file you have to edit is functions.php
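
One way to get the email-only login described above, as an added example that is not the original post's code: it unhooks WordPress core's username handler from the `authenticate` filter and relabels the login field. The function name `example_email_only_login_label` is a hypothetical name chosen for this sketch, and the second factor still has to come from a separate 2FA solution.

```php
// Append below the opening <?php tag of the child theme's functions.php.
// Added example; example_email_only_login_label is a hypothetical name.

// Core hooks two password handlers onto the 'authenticate' filter at
// priority 20: wp_authenticate_username_password and
// wp_authenticate_email_password. Removing the first one leaves only the
// email handler, so a username plus password no longer authenticates.
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );

// Relabel the field on wp-login.php so users are not invited to type a
// username that will be rejected anyway.
add_filter( 'gettext', 'example_email_only_login_label', 20, 3 );

function example_email_only_login_label( $translation, $text, $domain ) {
    $on_login_page = isset( $GLOBALS['pagenow'] )
        && 'wp-login.php' === $GLOBALS['pagenow'];

    // Only touch core's own label, and only on the login screen.
    if ( $on_login_page
        && 'default' === $domain
        && 'Username or Email Address' === $text ) {
        return 'Email Address';
    }

    return $translation;
}
```

The removal applies to every login that passes through the `authenticate` filter, not just the login form, so test any integration that signs in with a username before rolling it out.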