Skip to main content

category: Security

HOW TO: Block non-Cloudflare requests to your site with a Worker

What’s stopping an attacker from learning your server IP, bypassing Cloudflare and hitting your site directly? Try this…

HOW TO: Handle query strings for WordPress in nginx (like a crazy person would)

You need a wacky method for nginx to uniquely handle incoming requests that contain a specific query string using error page handling.

HOW TO: Use Cloudflare Workers to enable Basic Auth on a subdirectory

Here’s a neat way to protect any subdirectory or URL with Basic Auth using Cloudflare Workers – no .htaccess or htpasswd required!

Security Headers for Headless: Frontity & Apache

Beef up your security by setting security headers. Here’s how to do it with Apache (Nginx method linked).

HOW TO: Block traffic coming from a specific domain

Inbound links are awesome. Except for when they’re not. Here’s how to stop bad ones…

HOW TO: Cache the WordPress REST API Post endpoint in Cloudflare

With this method using Apache, Node, Frontity and Cloudflare, you can start imagining how to get your site to 100% uptime.

HOW TO: Pre-install a Let’s Encrypt SSL cert BEFORE pointing your DNS

Learn how to pre-install a Let’s Encrypt SSL certificate before pointing your DNS to WP Engine during a migration or host switch.

HOW TO: Serve wp-admin from a separate subdomain (or domain)

Ever needed to serve your Wordpress wp-admin/ or wp-login.php from a seperate domain or subdomain than your main site? Here’s how you can do it…

HOW TO: Inject an admin user when you’re locked out of WordPress wp-admin

Locked out of your Wordpress wp-admin? No longer have access to the email address for your user to reset the password? Here are some handy workarounds.

[SOLVED] Cloudflare & WordPress: Getting a 403 when saving?

Cloudflare may block updates to posts & other API dependent content (ie. page builders, etc). If you’re seeing a 403 for /json/wp/v2/posts, here’s why…