Recently I have been doing a lot of testing on a couple of my web sites that run WordPress and realized that securing your site takes a bit of effort. There are some plugins that do a great job at certain things; however, I wasn’t able to find any that did a great job of securing everything that I would prefer be secured. Below I describe a multi-pronged approach to securing your WordPress site from hacking attempts using multiple WordPress plugins as well as performing a couple of manual steps that ensure the WordPress details exposed to the world are minimal.
I have been using a WordPress plugin for a while called Pretty Link Pro, which provides a ton of awesome features including a link shortener such as tinyurl.com. When using the URL shortener you can actually configure Pretty Link Pro to use a different domain, which would be a benefit if your URL is long, similar to www.question-defense.com. I have been using link.as, so instead of providing shortened links such as http://www.question-defense.com/1ce I can provide links such as http://link.as/1ce, which you can see is a lot more user friendly when providing links to others. One thing I wanted to ensure was that Google was not crawling content on the http://link.as URL, which is possible simply by Google finding the shortened links on places like Twitter. Below I describe a .htaccess modification that will redirect any traffic for one URL to another URL while including any trailing text.
Tonight we are launching a new portion of Question-Defense.com called Engage. This new section allows anyone to write questions and allows the community to respond to those questions. Now people can become more involved and more questions will be answered because the possibilities of who can respond are endless.
This seems to be the week of the Rewrite Engine for me, as this is the second semi-unique modification I have needed to make to one of our servers' rewrite rule sets. This time we have a site where all traffic destined for HTTP is redirected to HTTPS via the LiteSpeed Rewrite Engine. Currently there are no exceptions to this rule on the server, except that if you are already visiting HTTPS you obviously do not get redirected to HTTPS. So a description of the project along with the necessary syntax to exclude certain ports from your rewrite rule set is below.
LiteSpeed web server uses the same Rewrite engine that Apache uses, so most of the information you will find on the Internet relates to Apache and not LiteSpeed. One of the projects I am working on redirects all web traffic that hits each virtual host from HTTP to HTTPS without exception. Recently it came up that we needed to do some API testing with a company that wanted to test on a development server over HTTP and not HTTPS. So I needed to figure out how to exclude a specific directory from our HTTPS Redirect Rule on one specific virtual host, which, it turns out, is really easy. Below I describe how to send all traffic except one directory to HTTPS via the LiteSpeed web admin.