WP Security 2022: Securing Multiple Banking Websites Built on WordPress
A case study on how I secured two WordPress websites for a multinational bank, from start to finish. TABLE OF CONTENTS Introduction Part 1. Organizational Level Security Policies & Cyber Hygiene Part 2. Fundamental Website Security Part 3. Server Hardening and WordPress Hardening Part 4. Brute Force Protection Part 5. DoS / DDoS Protection Part […]
Add HTTP Authentication to wp-login.php
If you’re looking to beef up your WordPress login page security, then this guide will help you add an extra layer of security with HTTP authentication. This article will walk you through how to either add this to a specific website, or all websites on a server. vCanopy wp-login-context.conf On your servers there’s an include […]
How to Prevent Image Hotlinking
Hotlinking is where someone loads an image from another website on their own website, directly off their server and effectively stealing their bandwidth (and probably also breaking a copyright law by not having the appropriate licensing/permission in many cases). If you’d like to put protection in place on your website, below will walk you through […]
Default vCanopy Security and Additional Options
vCanopy takes care of a significant part of the general security for your websites out of the box. This does not mean your websites are invulnerable, and developing good security practices (and perhaps even helping your own clients implement), is still a requirement when locking down your websites. It is, however, handy to know exactly […]
How to Create a Content Security Policy (CSP Header)
TABLE OF CONTENTS Introduction CSPs and vCanopy A CSP is More Than Just a Box to Check Creating Your Content Security Policy Config– vCanopy’s Default Content Security Policy Formatting Creating/Customizing Your Own Content Security Policies Testing a Content Security Policy Add Your Customizations to Your Server Further Reading Introduction A Content Security Policy (CSP) is a […]
Using Fail2Ban with Cloudflare
index Introduction to Fail2Ban Using Fail2Ban with WordPress on vCanopy Using an Action to block IP addresses at Cloudflare Setting up our Action Introduction to Fail2Ban Huge thank you to Ken Wiesner for making this article possible and freely contributing the info to the vCanopy community! Fail2Ban is an open source intrusion detection software installed […]