    Posts

    • RE: What Are You Doing Right Now

      Got google authentication working for SSH/SFTP, successfully created a mount bind, and I was able to piece together a stack of .crt files from the old webserver's cpanel backup into a valid .pem cert chain. Good times!

      I will share my full notes in a new topic once I have time to edit them into a more readable format 🙂

      posted in Water Closet
      WingCreative
    • RE: What Are You Doing Right Now

      That is a good idea! I'm in the middle of things at the moment but I did take an AMI of before I started messing around... and it's not working as it is now anyways, so I wouldn't really lose too much by starting over and applying what I've learned while taking notes.

      It's one of the last parts of putting together a PCI DSS 3.1 compliant webserver, a project which has simultaneously been a gigantic timesuck and a great learning experience for Linux administration. Between log rotation/retention, cron jobs, auditing and PAM configuration I am starting to feel like I know how to do stuff besides "sudo service [whatever] restart"!

      posted in Water Closet
      WingCreative
    • RE: What Are You Doing Right Now

      Trying to get Google Auth's SSH PAM working... learning a lot about configuring OpenSSH in the process!

      posted in Water Closet
      WingCreative
    • RE: Websites, SEO, and redirect questions

      Yep, WordPress is a PHP application running about 30% of the top million sites on the internet so it is a big target for hackers and their bots.

      It's also the thing that most shared web hosts offer their users in a "set it and forget it, you don't need to know anything about this" autoinstall process.

      Those two things combine into an all-too-common story: people that really shouldn't be administering a PHP web application (or anything, really) are led into installing, configuring, and maintaining WordPress for their little food blog or whatever because it's easy to start with. Then they're left to the wolves as soon as the site is installed and vulnerable to exploitation.

      This means that you will be miles and miles ahead of the majority of WordPress installations out there in terms of security if you implement anything vaguely resembling web application best practices. Even if you just make sure to update your site once a month! If you take a look at the vectors people get infected with, they are almost always vulnerabilities that were actually patched months (or even years) ago.

      Example: The most infamous wave of infections to hit WordPress users in the past few years was caused by a critical vulnerability within RevSlider 4.14 and below, which was a slider plugin packaged with themes for sale on ThemeForest without the ability to auto-update itself. The developer patched the vulnerability in February of 2014, but didn't tell anyone and didn't release the update to anyone besides their paying customers - so no one who got the plugin as part of a package deal had access to the security update. After a while, they released an updated version that people could use without having paid for their own license... but even after that, the majority of affected sites were maintained by people that didn't understand the importance of staying up to date and so it didn't help much.

      As a result, this one plugin was the vector for a wide variety of malware campaigns throughout the next year... and bots are still roaming around trying to exploit this particular bug because there are still sites that are vulnerable to it.

      So long story short, as a site visitor you should probably be wary of any WordPress site that seems to be slapped together with defaults for everything. My tell for this is basically: if I can plainly see that it's WordPress based on the URL, then I'll make sure NoScript is on and think twice about visiting it at all. The only exception is the wp-content directory because a ton of plugins require that you use that directory without renaming it. As a site administrator, you should make sure that you have a good security plugin configured and don't have a user named "admin" but otherwise you should be all set to avoid 99.9% of the WordPress "hackers" (script kiddies using WPScan) out there.

      With that out of the way, regarding SEO:

      According to this Yoast post, 301 redirects are the proper way to preserve link SEO when altering the link itself. In terms of images, they should still have the same media library URL unless you're changing the whole site URL as well... so you shouldn't need to create redirects for those.

      posted in IT Discussion
      WingCreative
    • RE: My view on Reddit

      @MattSpeller said:

      @WingCreative said:

      For example, who would spend a bunch of time on the internet talking about cooking ramen? These guys.

      Best part of Reddit is the sweet subreddits about junk you are interested in. I'm a WW2 nutter and honestly the stuff you find on there is mind blowing. For a long time I wondered what actually happens when a tank gets penetrated by a shell, and not only did I find out, I discovered the differences between shells (AP, APHE, APBC, APCBC, APDS, API, APFSDS and more).

      Most definitely - I always end up losing a few hours of my time whenever I remember AskScience or AskHistorians exists!

      posted in Water Closet
      WingCreative
    • RE: My view on Reddit

      I check Reddit pretty much every day, and have been doing so for years.

      The interface is terrible, yes. I was on Digg before I moved to Reddit... I still remember loading up Reddit for the first time out of curiosity and just staring at it in horror. I've gotten used to it, but it has by no means improved. Their iOS apps are pretty good though.

      My two favorite things about reddit are coming across incredible stories or explanations in post comments, and how you can find thriving niche subreddits for a ton of interests. For example, who would spend a bunch of time on the internet talking about cooking ramen? These guys.

      With that said, I don't think it's going to be able to maintain the position it's holding for much longer. It's trying to be a mix of giant monetized supersite and community-focused free speech paradise. It's not going very well. Right now it's clear the administration is desperately trying to figure out how to balance these two things, and all I can say is good luck.

      posted in Water Closet
      WingCreative
    • RE: Do you use Antimalware software in addition to Antivirus software?

      @donaldlandru said:

      @DustinB3403 said:

      @WingCreative I would expect the Endpoint solution.

      Anything not centrally managed is just more costly to attempt to manage. At any size.

      Maybe I am reading this wrong, but I think what @WingCreative was asking is the Malwarebytes Endpoint Security $50 vs Malwarebytes Anti-Malware for Business $30, both of which have centralized management.

      According to this comparison chart the only difference between the two is "Advanced anti-exploit protection (Patent-pending exploit mitigation technology)"

      Please correct me if I am wrong; however, I am not sure what "Advanced anti-exploitation" is other than a marketing term, let alone whether it is worth an extra $20 per PC.

      That's exactly the question I was asking, thanks for clarifying 🙂 Although I wasn't aware the $30/mo option had centralized management too!

      posted in IT Discussion
      WingCreative
    • RE: Do you use Antimalware software in addition to Antivirus software?

      With Malwarebytes, do you stick with a Premium license ($30/PC/year) or go for the endpoint solution ($50/PC/year)?

      posted in IT Discussion
      WingCreative
    • RE: ownCloud Server 8.2 is out with new UI and many admin features

      I found the text editor, but didn't see the documents addon 😞

      posted in News
      WingCreative
    • RE: ownCloud Server 8.2 is out with new UI and many admin features

      @jospoortvliet is document editing ready to go for 8.2? I noticed I don't have this feature at the moment, and figured I would ask before diving down a rabbit hole hopelessly trying to enable it...

      posted in News
      WingCreative
    • RE: Need a SSL with 4 Subject Alternate Names

      How about this from RapidSSL?

      Untitled.png

      posted in IT Discussion
      WingCreative
    • RE: Backup and Recovery Goals

      Good points all! Makes sense considering I'm going to be sticking with the free version myself...

      posted in IT Discussion
      WingCreative
    • RE: Backup and Recovery Goals

      Since we're talking about backing XenServer VMs up, would Xen Orchestra with a Starter license be worth considering here? More info here.

      I just got the free version up and running, it seems like they do offer some nice tools on top of XenCenter if you get a paid license.

      posted in IT Discussion
      WingCreative
    • RE: What Are You Doing Right Now

      I just had a weird issue on here where it said I needed to log in to do things like post, view unread topics etc but my icon was still in the top right. When I went to the log in page and tried logging back in, it gave me a 403 forbidden error.

      I cleared my site cache and it went back to normal with me logged out - I was able to log back in and make this post!

      posted in Water Closet
      WingCreative
    • RE: DigitalOcean floating IP

      This is a huge improvement. Elastic IPs have been one of the most valuable (and unique) aspects of AWS EC2 for me, totally removing the DNS hullabaloo from switching servers. Now I can do that without paying for an EC2 instance 😄

      posted in News
      WingCreative
    • RE: ShopTech EM2

      @scottalanmiller said:

      @WingCreative said:

      I think everything below the "Reason" text is intended for hapless website administrators that accidentally locked themselves out of their own websites. It is pretty silly of them to have so much instruction for just that particular scenario... How often does that even happen?

      I'm sure. But again, this all only makes sense to us as IT people. To their customers, it looks like they have lost their minds.

      Yeah, seeing what the Geo IP blocking looks like on this end makes me even happier to have moved away from WordFence for security... Their plugin was effective but left a lot to be desired in terms of polish/usability IMO. This shows that the lack of polish extends to the visitor-facing parts of the plugin as well.

      And they're not even honest with the error message - if the Geo IP banning is active then access has been indefinitely denied, not "temporarily limited"!

      posted in IT Discussion
      WingCreative
    • RE: ShopTech EM2

      I think everything below the "Reason" text is intended for hapless website administrators that accidentally locked themselves out of their own websites. It is pretty silly of them to have so much instruction for just that particular scenario... How often does that even happen?

      posted in IT Discussion
      WingCreative
    • RE: ShopTech EM2

      WordFence is a WordPress security plugin that touts country IP blocking as a feature. I'm betting some web developer was like "Let's just whitelist the countries we're marketing to, there's no way anyone in any other countries would ever have a legitimate reason to visit!"

      posted in IT Discussion
      WingCreative
    • RE: SourceForge is Evil!

      Ninite to the rescue!

      SourceForge has been circling the ethical drain for a while now 😞

      posted in IT Discussion
      WingCreative
    • RE: What is the best degree for IT?

      In my experience, it has been pretty straightforward to stay within the free tier as long as I stick to one EC2 instance at a time with <30gb attached EBS storage.

      Learning to use AWS would definitely be a marketable IT skill - here's a rundown on what you can use the AWS services for. The AWS console is a lot to take in at first, but you can do a lot with it just by learning how to manage EC2 instances. You can also run one small instance for free for the first year you have your account - which is probably all you would need to get some good hands-on experience building servers from scratch.

      I started learning how to manage virtual servers on DigitalOcean. The interface was much easier for me to learn how to use because it's entirely focused on building virtual servers... unlike AWS, which can do about a billion different things with its dashboard full of options. You also have the ability to load up a variety of pre-configured servers on DO, so if you'd rather skip learning how to install an application at first you can dive right into messing around with it.

      posted in IT Careers
      WingCreative