Tagged: Hardening

htaccess force SSL for WordPress

This works for me on Apache 2.2 with VirturalHosts. Plus other useful stuff here. <IfModule mod_rewrite.c> RewriteEngine On Options -Indexes Options +FollowSymLinks RewriteBase / # Force HTTPS RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}/$1 [L] # Deny access by your most hated visitors and bad bots RewriteCond %{HTTP_USER_AGENT} mechanize [NC,OR] # Protect against SQL INJECTION RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [OR] RewriteCond %{QUERY_STRING}...

Harden Ubuntu Server 12.04 LTS

Its not enough to harden just Ubuntu. Its necessary to harden the rest of LAMP as well. So here is how I do it. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Harden PHP – and tune performance sudo apt-get install php5-suhosin sudo vi /etc/php5/apache2/php.ini uncomment this code or update setting max_execution_time =...