David Westerfield

Gospel. Culture. Technology. Music.

Tag: Web Application

Security Mashup: Four Steps to Secure WordPress

After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:

  1. iQ Block Country: This plugin will prevent certain countries that you set from accessing either the front-end of your site, or (in the cases I use it for almost exclusively) the back-end. For the purposes of the sites I manage, I block all except the United States on the back-end and leave the front-end open to all.
  2. Jetpack: this is a great plugin to utilize anyway just for stats collection, image/CDN offloading, but included within this plugin is the ability to turn on brute force login protection. Another very helpful prevent if these other tools don’t catch something.
  3. WordFence: this free tool (that actually does have a subscription service for even better protection) is a web application firewall for use directly within WordPress. One of the big things it prevents are brute force login attacks, XSS attacks and SQL injection attacks, amongst others. Now, a web app firewall (like ModSecurity or some other hardware appliance like a Barricuda or Cisco firewall) in front of the application itself would work even better at preventing attacks before they even got to your WordPress site (if setup correctly), but can be quite advanced to install and configure. Regardless, this plugin is a great way to keep those kinds of attacks at bay.
  4. Invisible reCaptcha: this utilizes the newer version 3 of Google’s reCaptcha to prevent automated bots from either spamming the comment sections of your posts or pages or from brute force attempts to login to your site as admin.

None of these methods are fool proof from attacks getting through some other threat vector, but I’ve found this to catch quite a bit of junk on all the sites I’ve set them up on.

And one last thing: make sure and secure your site with SSL?!? 🙂

Converting a SharePoint Web Application to Claims Authentication from Classic Auth

If you’re ever in need of converting your existing web applications within SharePoint to claims authentication from classic auth, you’ll need to run the following commands.

In order to do this, you’ll need to use the SharePoint PowerShell command prompt and run the commands in the order below under your farm service account:

Read More

Granting A Service Account Access to a Web Application in SharePoint 2013

Need to give a service account access to a web application in SharePoint 2013? Easy! Just run these two PowerShell commands as the farm service account in the SharePoint PowerShell command prompt:

$webApp = Get-SPWebApplication http://contoso.com
$webApp.GrantAccessToProcessIdentity("CONTOSO\svcacct-contoso")

Done.

Powered by WordPress & Theme by Anders Norén