Protect + Stop WPScan WordPress User Enumeration with Varnish

WPScan is a WordPress vulnerability scanner written in Ruby. Sucuri sponsored WPScan which hosted on github. With its security vulnerability database for WordPress core, plugins and themes hackers can get a report on your site’s known security problems which can be exploited. You can install WPScan yourself on Debian 8 (guide) or Ubuntu 16.04 (guide).WPScan provides multiple ways to … Learn more…

How to Integrate fail2ban with CloudFlare API v4 Guide

CloudFlare is a pretty sweet free security, firewall and acceleration service that I use on all my WordPress sites. The old CloudFlare API is being retired shortly (November 2016, source). Since the CloudFlare v4 API is already live, I wanted to be prepared for the new API switch.I use fail2ban to protect my wp-login with … Learn more…

Automatically Downgrade MemberMouse Users with Python

MemberMouse is a premium WordPress plugin for creating your own membership site. Usually you have a free member status and various premium member statuses depending on their subscription level. When a premium user’s membership expires, MemberMouse does not automatically downgrade that user’s membership status to the free tier. They do show you how to do … Learn more…

Install Suhosin php5-fpm Security for WordPress

Suhosin hosted on github is a PHP security extension. Suhosin can protect you from insecure code and possible buffer overflows.Install Suhosin on your VPS or dedicated server only takes a few minutes and could protect you from poorly coded WordPress plugins. This tutorial was tested on Debian 7 (Wheezy), 8 (Jessie) and Ubuntu 14.04 (Trusty) … Learn more…