I finally started working my way through the backlogs of links I had saved to read within Pocket. I found myself repeatedly hopping over to Delicious to bookmark my favorites. Then, I remembered IFTTT supported both sites.
So I created the Pocketing Faves recipe. Every time you mark a link as a Favorite within Pocket, it’ll automatically get saved as a Public Bookmark on Delicious.
I’ve started working on the Super Ginormous child theme for Tersus once more. As part of my social media fast, I’m taking 30 minutes a day to work on a personal project. I’ve converted the theme’s stylesheet to be Sass-based. Next up will be to refine the general look of it…
Flat Version
Textured Version
Click the image above to grab the full-size image. Download the pattern (.pat, .psd, .ai) here: http://hrrsn.me/QVNe
I’m taking a break from Twitter, Facebook, App.net, Foursquare, Instagram, Google+, etc. for a while. The shear number of social networks I belong to is, in and of itself, a problem.
I love the discussions I have on them. I love what I learn from them. I love seeing what my friends are up to, how their kids are doing. But the reality is… it’s getting to be too much; too distracting.
So I join Jesse and Anton in beginning a social media hiatus as of today. I don’t know how long it will last. But I fully intend to spend more time creating instead of consuming. The only way to combat FOMO (Fear of Missing Out) is to Force Ourselves to Miss Out (and hopefully come to the realization that we haven’t missed much at all).
Created via Adobe Kuler for iPhone
https://kuler.adobe.com/#themeID/2738624
Created via Adobe Kuler for iPhone
https://kuler.adobe.com/#themeID/2738617
Pattern, PSD and AI file with honeycomb pattern used in this wallpaper available here: http://hrrsn.me/QQht
I panicked quite a bit when I discovered someone had been repeatedly hitting xmlrpc.php on my install of WordPress. I didn’t realize it was happening until my host alerted me that I was potentially going to exceed resources for the month.
I wasn’t sure what the cause of the overage was initially, so I had to rely on my host’s reporting and server logs. (Pouring through weeks of logs sucks, by the way.) My host’s reports showed me the files that were being reported most often. I then searched through logs to see which IP addresses were accessing them most often.
My first step in stopping the attack was to block offending IP addresses via .htaccess:
<Files *> # 'files *' applies to ALL files. order allow,deny allow from all deny from 2.176.5.143 deny from 2.176.189.90 deny from 2.179.189.187 deny from 37.63.168.226 # and so on... </Files>
Because I’m not using any apps to publish to my site, I removed xmlrpc.php file from site’s root folder and replaced it with an empty file.
My next step was to install Better WP Security. It tracks failed login attempts and auto-blocks after a set number of failed attempts. It allows you to obfuscate the location of /wp-admin and /wp-login.php. It also walks you through a whole host of other recommended changes to better secure your installation. I’ve tried several other security plugins, and this was my favorite, by far.
Better WP Security emails you whenever there are too many failed login attempts using a particular user name. I deleted the ‘admin’ account long ago, and created a ‘cdharrison’ account instead. I started getting notices that several IPs were trying to login using ‘cdharrison’. (That freaked me out a bit, but was probably a little too predictable of me.) So, I created a new admin account, logged in as it, deleted ‘cdharrison’ and attributed all of the posts to the new account.
I’m also looking into other solutions, like Wordfence and Bulletproof Security and a few others, but Better WP seems to be working fairly well.
So… so far, so good. I’m not going to pretend my site’s completely invulnerable right now, but it’s in much better shape than it was. So, thank you random internet buttholes: Your attempts to compromise my site have made me consider security quite a bit more than I used to.
What’re you doing to keep your WordPress site secure? Have any best practices you’d share that isn’t covered in the Codex: Hardening WordPress?
