Category: Security

Keeping safe

In-Depth HTTP to HTTPS Migration Guide for WordPress

As of July 24th, 2018, Google Chrome is now be marking all non-HTTPS sites as “Not Secure.” Regardless of whether they collect data or not. This is why HTTPS is more important than ever! In today’s post

How to Setup HTTPS (SSL Certificates) to Secure PhpMyAdmin Login

To introduce this tip, let’s sniff the HTTP traffic between a client machine and the Debian 8 server where we have made the innocent mistake to login using the database root user’s credentials in our

How to Change and Secure Default PhpMyAdmin Login URL

By default, the login page of phpmyadmin is located at http://<ip address>/phpmyadmin. The first thing that you will want to do is changing that URL. This will not necessarily stop attackers from targeting your server,

Speed up your browsing with help from your hosts file

Web pages these days are so full of advertisements, trackers, counters, hidden pixels, it’s a wonder they load at all. And who knows what information you’re revealing about your browsing habits. Browser plugins like Adblock

Implementing Mandatory Access Control with SELinux or AppArmor in Linux

To overcome the limitations of and to increase the security mechanisms provided by standard ugo/rwx permissions and access control lists, the United States National Security Agency (NSA) devised a flexible Mandatory Access Control (MAC) method

How to Scan for Rootkits, backdoors and Exploits Using ‘Rootkit Hunter’ in Linux

Guys, if you are a regular reader of you will notice that this is our third article on security tools. In our previous two articles we have given you all the guidance in how

The Mega Guide to Hardening and Securing CentOS 7 – Part 2

Continuing the previous tutorial on how to secure CentOS 7, in this article we’ll discuss other security tips that will be presented on the below checklist. Hardening and Securing of CentOS 7 Server Requirements The

The Mega Guide To Harden and Secure CentOS 7 – Part 1

This tutorial only covers general security tips for CentOS 7 which can be used to harden the system. The checklist tips are intended to be used mostly on various types of bare-metal servers or on

Connecting to Let’s Encrypt SSL sites via cURL from MAMP

This is a brief lesson in diagnostics that some may find helpful. The Scenario I develop websites on a Mac running MAMP. On my Mac I have an installation of InfiniteWP that connects to each

Lynis 2.5.5 Released – Security Auditing and Scanning Tool for Linux Systems

Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts

The Ultimate Guide to Secure, Harden and Improve Performance of Nginx Web Server

Nginx Security Hardening Tips Based on the wonderful things you have heard about Nginx, perhaps you decided to give it a try. You may have liked it so much that are considering replacing your Apache

How to Block SSH and FTP Access to Specific IP and Network Range in Linux

Block SSH and FTP Access Using IPtables/FirewallD Typically we all use SSH and FTP services often to access the remote servers and virtual private servers. As a Linux administrator, you must aware about how to

What is WordPress XML-RPC and How To Stop an Attack

The WordPress XML-RPC is a specification that aims to standardize communications between different systems. It uses HTTP as the transport mechanism and XML as encoding mechanism which allows for a wide range of data to be

How to remove the security hole in WordPress comment HTML

Before reading further, you should read my earlier post, Your WordPress site comments are giving information to hackers, since this post provides a neater solution to the problem described in that post. Summary of Problem

RHCSA Series: Mandatory Access Control Essentials with SELinux in RHEL 7 – Part 13

During this series we have explored in detail at least two access control methods: standard ugo/rwx permissions (Manage Users and Groups – Part 3) and access control lists (Configure ACL’s on File Systems – Part

Your WordPress site comments are giving information to hackers

Something I recently discovered: if you run a WordPress site and make a comment on a post yourself while logged in, information relating to your username is added to the HTML that makes up the

RHCSA Series: Installing, Configuring and Securing a Web and FTP Server – Part 9

A web server (also known as a HTTP server) is a service that handles content (most commonly web pages, but other types of documents as well) over to a client in a network. A FTP

7 Tools to Encrypt/Decrypt and Password Protect Files in Linux

Encryption is the process of encoding files in such a way that only those who are authorized can access it. Mankind is using encryption from ages even when computers were not in existence. During war

Single User Mode: Resetting/Recovering Forgotten Root User Account Password in RHEL/CentOS 7

Have you ever encountered a situation when you missed your user account password on a Linux System? And the situation can be worse if you forgot the root password. You cannot perform any system wide

How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine

Malware, or malicious software, is the designation given to any program that aims at disrupting the normal operation of a computing system. Although the most well known forms of malware are viruses, spyware, and adware,