Content Security Policy (CSP) Report URI for free

Content Security Policy (CSP) is a great way to protect your sites. You implement it by adding a header to your web server’s HTTP response. The hardest part, in my opinion, is finding out where you can report violations, without having to pay a penny. Using Google’s Firebase Free plan you can create a Cloud Function to handle the reports sent by browsers when a rule has been violated. The Cloud Function can be triggered by an HTTP request. [Read More]

Cloudflare Firewall Rules to Protect WordPress

Cloudflare Firewall rules a protecting my site from a brute force attack from a botnet. Below I’ll show you how to use Firewall Rules to keep your WordPress site safe. With the Cloudflare free plan, it includes five free Cloudflare Firewall Rules. Cloudflare Firewall Cloudflare is using wirefilter, which is a Wireshark-like expression language that they have created. We will need to create two rules to properly protect our WP Dashboard. [Read More]

How to secure your PHP Web App with a simple Firewall

I was trying to find a simple way to secure my PHP Web App when I realized how difficult it could be. Securing it the easy way cost more money than I’m willing to spend, so I decided to build my own solution. What are your options? Compiling nginx with ModSecurity isn’t easy, and I don’t think your WAF (Web Application Firewall) should be tied into your web server. If you want to simplify things, you could use Cloudflare or Sucuri, but that can be expensive. [Read More]

Securing a Server

This post will cover securing a Linux server. Back in the day, I started with Red Hat 6 and Slackware 4; I still have a book from when I was learning Red Hat 6. I also ended up learning FreeBSD, but I’ll save that story for another post. I’m not claiming to be an expert in server security, but if you follow these tips, it’ll be a good start in the right direction. [Read More]