Share
Scroll down

My Latest Articles

Step into the mind of a long-time developer, long-time server manager, and full-time geek 🙂

Like most good hosting support folks, security tops the list of my priorities. While a good firewall, and true Web Application Firewall are the best means for helping with this, sometimes shared hosting services will not change the configurations they have in place to support the necessary security for a Wordpress website. In steps the iThemes Security plugin. iThemes acts like a WAF, in that it can detect (via a vast network) bad bots, known hackers, and most known vulnerabilities in Wordpress. I will lay out what I use on all of the sites I manage hosting for (note, this number as of today, is in the thousands), as well as enabling the necessary configuration needed to allow iThemes to do it's thing when you…

Read more
01

We recently found ourselves needing a new incremental file backup system... something we could use to remotely store, something fast, something secure, and ultimately something reliable. In steps Duplicity. Duplicity allows us to sync incremental file backups to our cloud storage flawlessly; it has helped reduce backup file size, allows us to encrypt the backups, and reduce the amount of bandwidth needed for transferring both backups and restores. Overall giving our developers a much needed break from their manual backups. The script in our repo contains an installer that will setup everything you will need on your servers for this, though please do note that the restore is incomplete. While we have verified manual account & app restores, we have not been able to perfect…

Read more
02

Wow!  It's been a little while since I have had the time to post another article.   Well, here I am again, back at it. This time, I will show you an optimal way to keep your site secure utilizing a bit of nginx configuration.  You will need to do some work before implementing this, so please do not attempt to simply copy/paste this and expect it to work out of the box. # Default security headers add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; # enable, cache, and preload subdomains add_header X-Frame-Options "SAMEORIGIN" always; # generally only allow SAMEORIGIN frame sources add_header X-Xss-Protection "1; mode=block"; # protect against Cross-Site Scripting add_header X-Content-Type-Options "nosniff" always; # no sniffing allowed! add_header Referrer-Policy "strict-origin"; # protect agains cross-linking add_header X-Download-Options "noopen";…

Read more
03

This is a quick(ish) how to that you can do to utilize one of your registered domains on Amazon's Route53 service. Required: A registered Domain An account with Amazon's AWS, in particular, their Route53 service An IAM account, with API access to allow the creation, reading, and updating Route53 Domain records The AWS cli installed on a linux distro that you have shell access to A bit of patience Remembering what DNS propagation is like... How to do it: First things first, drop into shell on your linux machine and run the following command.  You will need to copy/paste it's output, so have your favorite text editor handy. aws route53 create-reusable-delegation-set --caller-reference $(date +%s%N) The output of this command should look similar to the following:…

Read more
04

Have you ever updated your domain’s A record and noticed that, for at least several hours, your new domain displayed the new site on one device (such as your smartphone), but the old site on another device, such as your home computer? Have you ever updated your domain’s MX records and found that, for at least several hours, not all new emails were delivered to the new email server you specified? I cannot count the number of times I have seen these sorts of situations cause website owners to panic, pull their hair out, or get frustrated with their hosting provider. So what exactly is going on, and what can you do about it? What is happening is that the change you made to your…

Read more
05