Installing WordPress via Terminal and Securing The Server
So what better way to kick off my security related posts than to summarize the steps I took to get this website up. Big thanks to Daniel Cid for all... Read More The post Installing WordPress via...
View ArticleUninstall ModSecurity & WordPress Challenges
Ok, as simple as a post as this might appear I recently undertook an effort to install and configure ModSecurity on my little server. In the process I quickly learned... Read More The post Uninstall...
View ArticleMy New OSSEC HIDS Book
Pretty excited, today I got my very own copy of the OSSEC Host-Based Intrusion Detection System (HIDS) book in the mail. If you haven’t heard about it, it was developed... Read More The post My New...
View ArticleAccessing Your Server via SSH Keys
The past couple of weeks I have found myself dabbling in a number of system / network centric tasks. In the process I have been configuring a number of servers... Read More The post Accessing Your...
View ArticleBasic Access Authentication: Protection Against Automation
I wrote an article recently talking to the use of Basic Access Authentication to help harden your administrator panel. I have been monitoring my logs to see how it protects... Read More The post Basic...
View ArticleOSSEC Agent to Server Connection Issues
So naturally, as of late, I have found myself doing more than I probably need to on my servers and in the process causing more headaches then required. One of... Read More The post OSSEC Agent to...
View ArticleOSSEC For Website Security: Part I
OSSSEC is my preferred host-based intrusion detection system (HIDS). I have to admit I am a bit partial to it because my good friend Daniel Cid built it and sold... Read More The post OSSEC For Website...
View ArticleWordCamp Miami 2013: WordPress Website Security
I’ll be in Miami this weekend, for WordCamp Miami 2013, giving a new, updated talk on Website Security. Come by and say hi if you’re around — If you’re not,... Read More The post WordCamp Miami 2013:...
View ArticleCurious to See a DDOS in Action?
I’ve always wondered what a Distributed Denial of Service (DDOS) really looks like. Fortunately, there is now this pretty awesome video illustration of what it looks like: How cool is... Read More The...
View ArticleEnable 2FA with SSH Connection
If you don’t know, I’m a big fan of two-factor authentication. I often talk about it integrated into your web applications access points, like wp-admin in WordPress and administrator in... Read More...
View ArticleOSSEC: Stop Agent Email Notifications from Being Grouped
This a quick post, for those of you that manage multiple agents under your manager, there might be instances where your email notifications will group different agent notifications together. This......
View ArticleSecurity and Hosting Environments
The world of hosting is complex, it’s further complicated when you throw security into the mix. A few months back I wrote an article on the delicate line between where the... Read More The post...
View ArticleAutomattic’s Push into Managed WordPress and It’s Potential Impacts to the...
The Managed WordPress ecosystem welcomes a new entrant – Automattic. Today they officially announced that WordPress.com Business now supports plugins and third-party themes. I am fascinated by the move...
View ArticleHow HTTPS Works – Let’s Establish a Secure Connection
The need to use HTTPS on your website has been spearheaded by Google for years (since 2014), and in 2018 we saw massive improvements as more of the web became... Read More The post How HTTPS Works –...
View ArticleOSSEC For Website Security: PART II – Distributed Architectures Using Agents...
This article assumes you already have OSSEC deployed. If you need a refresher, refer to the Part I of OSSEC for website security, written March 2013. OSSEC is popular open-source... Read More The post...
View ArticleOSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress
The previous OSSEC articles went through through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of...
View Article