Category Archives: Wordpress

WordPress 3.4.1 and AJAX problems

Overnight another team member updated the main blogs to the newest version of WP, and subsequently some plugins we use failed to work correctly. The plugins display a list of items which are retrieved via an API call to our …

Read more »

DoS on Amazon EC2 instances running WordPress

I was got out of bed with an emergency call from a client at the weekend because his blog was down. This is the one that is getting a lot of traffic, but CPU was spiking up to 100% quite …

Read more »

Using Fail2Ban to protect WordPress

I posted some previous ideas on this that were okay, but they turned out to be less-than-ideal solutions. They work, but one of the blogs I watch over is a bit busy, and having Fail2Ban watching the Apache access.log was …

Read more »

Protecting WordPress from script fishing attacks with Fail2Ban (more…)

A better, but slightly more complex, solution has been posted here A previous post here suggested using a blanket ban on all 404s recorded in the access.log, but this isn’t working quite as well as expected. Mainly due to the …

Read more »

Protecting WordPress from script fishing attacks with Fail2Ban

A better, but slightly more complex, solution has been posted here Because WordPress redirects all incoming requests and serves dedicated 404 pages, nothing ends up in the Apache error.log. and so, The standard Fail2Ban filter apache-noscript.conf won’t work. So here’s …

Read more »

WordPress upload/upgrade permissions with group ownership

I have to maintain a few WP blogs for clients. It’s not a package I overly enjoy working with. Sure, it does the job pretty well and is hugely popular, But there is something about it that I just find …

Read more »