scuttle: web security

Sort by: Date / Title / URL

  1. Helpful article that explains some SSL errors with wildcard certificates which according to RFC2818 only go one level deep. So *.blah.com is good for foo.blah.com but not bar.foo.blah.com. Weird.
  2. AskApache Password Protect is a WordPress plugin which uses .htaccess and other methods to block some common WordPress attacks. Some of the options get in the way of functionality, but many do not and will help.
  3. An article from Noupe.com on securing WordPress installations. Some general tips such as restrict by IPs, block repeated failed logins, disallow directory listings, block access to wp-config.php, etc.
  4. WP Security Scan is a WordPress plugin which scans your WordPress installation for security vulnerabilities and suggests corrective actions.
  5. Article on WordPress security by TechCrunch. Good post encouraging people to keep their version up to date, etc.
  6. Tripwire monitors files on the filesystem for changes as a method of intrusion detection. Similar systems include AIDE and Samhain. Useful for detecting web site hacks.
  7. Donncha writes a useful article on detecting if your site has been hacked, monitoring systems to check for hacks, and how to secure your site to avoid future hacks.
  8. HackBar gives you a really big address bar with a load of extra functions to test sql injections and so on. Useful for testing. Not currently 3.0 friendly.

First / Previous / Next / Last / Page 1 of 1