My Latest Articles

Step into the mind of a long-time developer, long-time server manager, and full-time geek 🙂

Like most good hosting support folks, security tops the list of my priorities. While a good firewall and a true Web Application Firewall are the best means for helping with this, sometimes shared hosting services will not change the configurations they have in place to support the necessary security for a WordPress website. In steps the iThemes Security plugin. iThemes acts like a WAF, in that it can detect (via a vast network) bad bots, known hackers, and most known vulnerabilities in WordPress. I will lay out what I use on all of the sites I manage hosting for (note: this number, as of today, is in the thousands), as well as enabling the necessary configuration needed to allow iThemes to do its thing when you…

We recently found ourselves needing a new incremental file backup system... something we could use to store backups remotely, something fast, something secure, and ultimately something reliable. In steps Duplicity. Duplicity allows us to sync incremental file backups to our cloud storage flawlessly; it has helped reduce backup file size, allows us to encrypt the backups, and reduces the amount of bandwidth needed for transferring both backups and restores. Overall, it gives our developers a much-needed break from their manual backups. The script in our repo contains an installer that will set up everything you will need on your servers for this, though please do note that the restore is incomplete. While we have verified manual account & app restores, we have not been able to perfect…

Wow! It's been a little while since I have had the time to post another article. Well, here I am again, back at it. This time, I will show you an optimal way to keep your site secure utilizing a bit of nginx configuration. You will need to do some work before implementing this, so please do not attempt to simply copy/paste this and expect it to work out of the box.

    # Default security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; # enable, cache, and preload subdomains
    add_header X-Frame-Options "SAMEORIGIN" always; # generally only allow SAMEORIGIN frame sources
    add_header X-Xss-Protection "1; mode=block"; # protect against Cross-Site Scripting
    add_header X-Content-Type-Options "nosniff" always; # no sniffing allowed!
    add_header Referrer-Policy "strict-origin"; # protect against cross-linking
    add_header X-Download-Options "noopen";…

I have successfully managed to get under a 1 second load time on my WordPress site, while getting 250 concurrent users over a 1 minute test period. (Source: https://gtmetrix.com/reports/www.westernmasshosting.com/I858GlQs & https://loader.io/tests/f3cb1673bbecf7176954d39be612f838) This was done with a combination of items, stemming from the server install up to WordPress theme development. Here is how I did it, so maybe you can too.

Server Setup

Here we will start from the ground up. Items you will need: VirtualBox, Ubuntu 16.04 64-bit Server ISO, Time

My virtual machine is set up with 4G of RAM, using 2 CPUs, with 80G SSD, and a Bridged Networking adapter.

Boot to the ISO, and start the installation process. Everything can be set up how you wish, however, I custom partitioned, as well as, only…

Install & Configure Nginx on Existing Cpanel Servers

    cd /usr/local/src
    wget http://nginxcp.com/latest/nginxadmin.tar
    tar xf nginxadmin.tar
    cd publicnginx
    ./nginxinstaller install

Once installation completes, login to WHM for that server

Scroll past ConfigServer Security&Firewall to see Nginx Admin and click it

Add the following to crontab -e on the server:

    0 */1 * * * /usr/sbin/tmpwatch -am 1 /tmp/nginx_client

Click 'Configuration Editor'

Copy/Paste into the field

    user nobody;
    # no need for more workers in the proxy mode
    worker_processes 4;
    error_log /var/log/nginx/error.log warn;
    worker_rlimit_nofile 20480;
    events {
        worker_connections 5120; # increase for busier servers
        use epoll; # you should use epoll here for Linux kernels 2.6.x
    }
    http {
        server_name_in_redirect off;
        server_names_hash_max_size 10240;
        server_names_hash_bucket_size 1024;
        include mime.types;
        default_type application/octet-stream;
        server_tokens off;
        # remove/comment out disable_symlinks if_not_owner; if you get Permission denied error
        # disable_symlinks if_not_owner;…
