Share the Knowledge
RSS icon Home icon

  • How to automatically redirect the WordPress login and admin pages from HTTP to HTTPS

    Posted on November 16th, 2011 webmaster No comments         Print Print

    I always get worried every time I have to login to a website over a non-SSL enabled connection.  When my blog didn’t support SSL (before I migrated from a shared host to my own VPS) and I had to work on it at a coffee shop, I would sometimes change my password when I get home, which of course is still not that secure as my blog is hosted outside my local network which I have no control over.

    A computer with a network card (wired or wireless) that supports promiscuous mode can easily sniff out packets coming in and out of other devices on the same local network the computer belongs to using tools like Wireshark.  So if you’re using a public wireless access point, for example, other computers connected to that same wireless access point could see the data you’re sending and receiving over the network.

    Even if the login form hashes the password first (using one-way hashing algorithms such as MD5 or SHA-1), most users probably have passwords that aren’t that strong/complex, allowing the attacker to brute-force the hashed passwords in a reasonable amount of time.  Advancement in GPU technology and tools like IGHashGPU make cracking passwords much, much faster.

    There are also tools like Firesheep for Firefox which allows attackers to impersonate you by hijacking your session cookies since its content can be retrieved in plain text over an unencrypted connection.

    Automatically redirecting all WordPress pages that send out authentication-related information from HTTP to HTTPS could prevent these types of attacks.

    If you have full control over your WordPress installation, this is very easy to do.  Just edit the wp-config.php file in the root directory of your WordPress installation and add the highlighted line below before /* That’s all, stop editing! Happy blogging. */.

    define('WP_DEBUG', false);

/**
* Force SSL on login and admin pages.
*/
define('FORCE_SSL_ADMIN', true);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

    More information can be found here: http://codex.wordpress.org/Administration_Over_SSL

    If you don’t have full control over your WordPress installation (such as in a shared hosting environment), you can give this plugin a try: http://wordpress.org/extend/plugins/wordpress-https/

    How-To, Networking, Security, Software, SysAdmin , , ,

  • Migrating WordPress from a shared hosting environment to a virtual private server

    Posted on November 9th, 2011 webmaster 3 comments         Print Print

    I was migrating this WordPress blog early this morning from Bluehost to a dedicated Rackspace Cloud Server that I’m already using for a web application I’m writing.  It was almost painless! Just ran into a few minor post-migration issues.

    The reason I’m migrating is mainly because I want more control, like being able to use my own self-signed SSL certificate without paying extra, for example.  I figured since I’m getting very low traffic it really wouldn’t cost me anything extra to host it on Rackspace.

    For example, according to Bluehost, my monthly bandwidth transfer is roughly 2.3GB.  I’m not sure if that’s for both inbound and outbound.  Either way, Rackspace only charges 18 cents/GB for outbound bandwidth (inbound is free).  So even if I’m using 3GB a month, it’s only an extra 54 cents to my monthly cost.  Rackspace’s connection is also way faster.

    The migration steps are pretty straighforward, basically:

    1. Install PHP, MySQL, Apache.
    2. Install WordPress.
    3. Restore the database.
    4. Copy over your themes, uploads, plugins, and other directories that a plugin might be using (in my case I had an extra “gallery” directory for the NextGEN Gallery plugin that I’m using to store my pictures).
    5. Restart Apache.

    Here are the issues I ran into after migration and their solutions:

    Read the rest of this entry »

    Database, SysAdmin , , ,

  • Random Quotes

    Posted on September 30th, 2010 webmaster No comments         Print Print

    I’m currently reading Chris Guillebeau’s The Art of Non-Conformity and I really liked the quotes he put throughout the book.  I often paused for a few seconds after reading each one to think about it.

    I thought it might be a good idea to have random quotes appear on this blog so I searched the WordPress site for plugins and found this Quotes Collection plugin that can do exactly what I want (and more).  It lets you create a collection of quotes that can then be displayed on a page or on the sidebar.  If you look at the sidebar right now the first thing you’ll see is a random quote.  When you refresh the page or go to another page you’ll notice the sidebar will display a new random quote.

    I only have a few quotes entered right now but I’ll make sure to keep this updated whenever I find a new one that I like.

    Read the rest of this entry »

    Announcements
  • « Older Entries

Twenty years from now you will be more disappointed by the things that you didn’t do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover. — Mark Twain

Random Pics

ArchesNationalPark_UT_20111129_025 San_Ignacio_Belize_20120125_004 newzealand_taupotonationalpark_20110921_027 dsc00016

Recent Tweets

Categories

Powered by WordPress
Designed by My Mobiles