Using Cloudflare Firewall to Secure WordPress

If you’re using Cloudflare for your website you might not realize the security protections that it can offer.

Using the free package you get access to setup up to five active firewall rules. On the Pro plan this goes up to 20 active firewall rules. The Pro plan also includes the Web Application Firewall (WAF) which will greatly improve security if you are not using any other type of WAF for your website.

What can we use these firewall rules for in a practical sense with WordPress?

  • Restrict access to wp-login.php
  • Restrict access to /wp-admin/
  • Block WordPress XML-RPC xmlrpc.php

On the free plan the easiest win is to implement 3 rules for the above. This will greatly reduce your outside attack surface.

Continue reading…

Website Refresh! v2.0

The vSkilled blog website has had some major improvements and is now officially launched as version 2.0!

The previous design had been in use since late 2014. Over time there were design elements and plugins that stopped working altogether or were causing various issues. I had worked tirelessly to improve the page loading times but had exhausted all my options on the old design. I knew a new design was going to be needed and I began slowly scoping out what I wanted for the new website refresh.

Version 2 (2017 – present)

Version 1 (2014 – 2017)

As you can see I wanted to keep a similar layout, only have it more simplified, and easier to maintain. I believe that has been accomplished. The cleaner look makes it look more professional and easier to read. I think the single post style instead of a post grid also makes the front page more attractive and relevant. Continue reading…

vSkilled Crypto – Now SSL Encrypted!

vSkilled is now fully SSL encrypted and including HTTP Strict Transport Security (HSTS).  Since vSkilled is a technical IT blog, one would expect to think that the communication between the client and server aught be encrypted. Now that traffic has picked up on the site I decided to move things over to SSL.

cf_ssl

vSkilled uses CloudFlare as our CDN so that complicates things slightly when using SSL. We’re using the Full SSL (Strict) model which encrypts the connection between you and CloudFlare, and from CloudFlare to vSkilled’s web servers.

000346_2016-05-18 15_18

 

Enjoy!