Protect + Stop WPScan WordPress User Enumeration with Varnish

WPScan is a WordPress vulnerability scanner written in Ruby. Sucuri sponsored WPScan which hosted on github. With its security vulnerability database for WordPress core, plugins and themes hackers can get a report on your site’s known security problems which can be exploited. You can install WPScan yourself on Debian 8 (guide) or Ubuntu 16.04 (guide). WPScan provides multiple ways … Learn more…

How to Integrate fail2ban with CloudFlare API v4 Guide

CloudFlare is a pretty sweet free security, firewall and acceleration service that I use on all my WordPress sites. The old CloudFlare API is being retired shortly (November 2016, source). Since the CloudFlare v4 API is already live, I wanted to be prepared for the new API switch. I use fail2ban to protect my wp-login … Learn more…

Install Suhosin php5-fpm Security for WordPress

Suhosin hosted on github is a PHP security extension. Suhosin can protect you from insecure code and possible buffer overflows. Install Suhosin on your VPS or dedicated server only takes a few minutes and could protect you from poorly coded WordPress plugins. This tutorial was tested on Debian 7 (Wheezy), 8 (Jessie) and Ubuntu 14.04 … Learn more…

Protect WordPress wp-login with nginx HTTP Auth + fail2ban

Protecting wp-login.php for WordPress is essential for brute force protection from hackers. Most WordPress administrators will use a plugin like All-in-One Security (recommended) or Wordfence to block users who are making excessive login attempts. The problem with the plugin technique is that these brute force protection methods are still expensive for your web server. When a user … Learn more…

Install WPScan on Debian 8 for WordPress Vulnerability Scanning

WPScan is a WordPress vulnerability scanner written in Ruby. It is sponsored by Sucuri and hosted on github. Using its security vulnerability database for WordPress core, plugins and themes it will provide a report on your site’s known security problems which can be exploited by hackers. Install WPScan dependencies for Debian 8 Install the WPScan … Learn more…