Do you have scheduled jobs run via Cron that you want to prevent being run via browsers and other user agents? Well, here are two single line statements to do just that. One, for scripts "requested" by directory path; and another for scripts requested by URL. Read More

If you are unable to access your WordPress dashboard because the login page is blocked, it could be because your host’s server security has detected a brute force attack. This article shows how to make a few simple changes which allow you to continue logging in whilst keeping your server's brute force countermeasures. Read More

Your first line of defence in preventing common vulnerability scans, directory traversal, and code injection attacks. A must read, if your web-site is hosted on either Apache (Linux) or IIS (Microsoft) servers. Read More

Last month there were reports that a cyber-criminal gang had infected 30,000 Wordpress blogs to market “anti-virus” software. Wordpress is a popular target; keep your version and plugins up to date; and don't expose your site to unnecessary risks. If you require users to register before posting comments, for no other purpose than as part of your spam prevention strategy, then think again: ............ Read More

This article is about one of your first lines of defence – using an Access Control List (e.g. htaccess on Apache sites) to block unwanted visitors/bots from your site, by country IP location. Part 2 will look at blocking by User Agent. Read More