Skip to main content

category: Security

HOW TO: Prevent exposing your visitor’s data to the Chinese Communist Party through Tik Tok embeds

Concerned about exposing your visitor data to third parties like TikTok or the Chinese Communist Party? Here’s what you need to know about Wordpress embeds.

HOW TO: Block non-Cloudflare requests to your site with a Worker

What’s stopping an attacker from learning your server IP, bypassing Cloudflare and hitting your site directly? Try this…

HOW TO: Handle query strings for WordPress in nginx (like a crazy person would)

You need a wacky method for nginx to uniquely handle incoming requests that contain a specific query string using error page handling.

HOW TO: Use Cloudflare Workers to enable Basic Auth on a subdirectory

Here’s a neat way to protect any subdirectory or URL with Basic Auth using Cloudflare Workers – no .htaccess or htpasswd required!

Security Headers for Headless: Frontity & Apache

Beef up your security by setting security headers. Here’s how to do it with Apache (Nginx method linked).

HOW TO: Block traffic coming from a specific domain

Inbound links are awesome. Except for when they’re not. Here’s how to stop bad ones…

HOW TO: Cache the WordPress REST API Post endpoint in Cloudflare

With this method using Apache, Node, Frontity and Cloudflare, you can start imagining how to get your site to 100% uptime.

HOW TO: Pre-install a Let’s Encrypt SSL cert BEFORE pointing your DNS

Learn how to pre-install a Let’s Encrypt SSL certificate before pointing your DNS to WP Engine during a migration or host switch.

HOW TO: Serve wp-admin from a separate subdomain (or domain)

Ever needed to serve your Wordpress wp-admin/ or wp-login.php from a seperate domain or subdomain than your main site? Here’s how you can do it…

HOW TO: Inject an admin user when you’re locked out of WordPress wp-admin

Locked out of your Wordpress wp-admin? No longer have access to the email address for your user to reset the password? Here are some handy workarounds.