Install and Use WPScan on Ubuntu 18.04

WPScan is a WordPress vulnerability scanner created in the Ruby language. Sucuri sponsors this project and it is hosted open source on github.  WPScan uses Sucuri’s vulnerability database for WordPress core, plugins and themes it creates a report on your site’s known security vulnerabilities which could be exploited by a hacker or script kiddie. Install … Learn more…

Protecting wp-admin Brute Force Attacks with nginx Rate Limiting

WordPress is gaining in popularity and therefore the number of attacks specific to WordPress keep increasing. I manage servers for some political websites which get attacked relentlessly so that means I get to create new firewall rules and rate limiting directives to help keep the site running – very fun! Recently this site was being … Learn more…

Let’s Encrypt Wildcard SSL nginx for WordPress Ubuntu 18.04

Let’s Encrypt has transformed the internet. Every website can now have a free SSL certificate! You can authenticate your website with Let’s Encrypt using the .well-known path but if you have multiple virtual hosts then this can get tedious so Let’s Encrypt made it possible to add wildcard SSL certificates by using DNS to authenticate … Learn more…

Blocking Country and Continent with nginx GeoIP on Ubuntu 18.04

Globalization has made cyberattacks much easier 🙁 unfortunately. As a result, you may not want certain countries to visit your site if you mainly get malicious traffic from specific countries that overload your server and slow it down. In this tutorial we will be configuring nginx to use the latest GeoIP database and blocking a … Learn more…