Rambling thoughts about WordPress
Cloudflare Firewall Rules
Cloudflare announced the introduction of firewall rules on October 3, 2018. Surprisingly, five firewall rules are even provided on the free plan. By comparison the Pro plan provides 20 firewall rules. Unlike Page Rules, additional firewall rules can *not* be purchased. I get five, that’s it – but as we will see a single firewall rule can do a bunch of different stuff provided that the final action is the same. Pretty generous of CF, I think, seeing as I use only their free tier.
WP dot com or WP dot org?
The interwebs are full of comparisons of WordPress dot org and pretty much everything else, including its sibling WordPress dot com. Basically WP dot org is free, open-source CMS software that I self-host using my own domain name and a commercial hosting provider of my choice. It has a bit of a learning curve but limitless possibilities. WP dot com is a commercial entity that offers to host my blog on its servers. It is easy to use and offers a free tier but is somewhat limited – especially on the free tier. It is frequently compared to Google Blogger.
Really no need for me to add more – except for my point of view.
She posted Clickbait. What happened next exploded her world!
– or –
Five Shocking Reasons a web page “Call to Action” is really Clickbait
(Ask your doctor if your heart is healthy enough to read #4)
- Irresponsible use of emotional triggers.
- Lack of humanity.
- Lack of honesty.
- Your doctor called and requested I redact #4.
- False promises.
Read more She posted Clickbait. What happened next exploded her world!
2018: The year of the missing theme
Every year since 2009, the good people at WP have released a new default theme. Until now. The default theme is usually released in November, and is named for the upcoming year. So, the Twenty Ten theme was released late in 2009. The tradition continued through Twenty Seventeen, released in late 2016, then ground to a screeching, unplanned, embarrassing halt. This is the year of the missing theme.
WP Contact Form Security
There are a couple of aspects to the security of my Contact Kenny page.
2FA
Two factor authentication (2FA) is an extremely strong security measure to keep bad guys, gals, nonbinaries, and bots from hacking into my important accounts – WP admin, email, registrar, cPanel, and so on. And … I’m just not a fan.
cPanel and FTP security
I take numerous precautions to prevent malicious logins to my WP admin account. None of which will do me a bit of good if my cPanel or FTP accounts get hacked. I don’t even use FTP. On those infrequent occasions when I need to transfer files, I use my cPanel file manager. I would disable FTP completely – except that I can’t find a way to do it. I also can’t find a way to obfuscate cPanel or FTP login, add a reCaptcha, limit login attempts, or add a security question. Very strong passwords are a good start, but I hate relying on just one lock.
Arrg! Me Pirate Form plugin be walkin the plank.
Shiver me timbers! Me favorite contact form plugin – Free and Simple Contact Form by Pirate Forms – be abandoning ship. Pirate Forms was acquired by WPForms, who are retiring my favorite contact form in favor of a migration path to their signature WPForms Lite. Either by remarkable coincidence or due to a wry sense of humor, the scallywags at WPForms made the announcement on International Talk Like a Pirate Day.
When a favorite plugin is lost at sea.
Danger, Will Robinson!
I use Cloudflare page rules to keep bad bots completely off my login screen and admin area. And they have always done a great job. Until recently. Now – Danger, Will Robinson! – bad bots are waltzing merrily past my precautions and attempting to login, or creating bogus subscriber accounts.
WP Malware Scanners
I take a number of security precautions to keep my sites free of malware. But what if malware gets past my defenses? I need to be able to detect it so that I can eradicate it. With WP malware scanners, as with everything else WP, I prefer free. I know of three types of free WP malware scanners: Host-based; Web-based; and Plugins.
WP is not ready for CSP
A Content Security Policy (CSP) relies on code headers to help prevent cross site scripting and other malware, providing a great addition to a layered security approach. I think of it as a reverse firewall. It tells browsers exactly what content should be accepted from my site. All other content – malware for example – should be rejected. So, it doesn’t exactly protect my site. But if my site gets infected, it can prevent the infection from spreading – possibly saving my reputation
A correct CSP is a really good thing, adding to interweb safety. So, why do almost no websites – something incredibly small like 1% of 1% – have a CSP? Partly because it is not very well known yet, but also because it is really complicated to create a correct one. It is much more likely that I will screw up my WP site and deliver false errors to my visitors than it is that my CSP will work properly.
My full list of WP security settings, plugins, etc..
I am convinced that for most WordPress users one of the popular all-in-one security plugins like WordFence or All In One WP Security & Firewall is a good solution. I like to tinker though, and to choose the best tool for me for each aspect of security. I also like light solutions, and a layered approach to security.
Read more My full list of WP security settings, plugins, etc..
The greatest keyboard of all time
Having worked in IT since the mid-1980s, I have seen tremendous advances in technology. Everything has progressed consistently for the better by leaps and bounds. CPUs, monitors, networks, pointing devices, on and on. Year-by-year, decade-by-decade, everything is faster, cheaper, brighter, more capacity, more bandwidth, better everything in every way.
With one exception. The greatest keyboard ever made was the IBM Model M, introduced in 1984. By ‘greatest’ I mean the best keyboard ever mass-produced for the common people, even included standard with off-the-shelf PCs. There are expensive gaming keyboards, hand-crafted artsy perfumed keyboards, keyboards specially made to excel at a certain something, that no doubt have their merits. But for a run-of-the-mill everyday office keyboard for regular people, the M rules and it ain’t even close. Since the M, keyboards have gotten progressively worse – flimsier and mushier – over time.
The greatest keyboard ever made
Is Gutenberg the beginning of the end of WP?
Is Gutenberg the WP Waterloo? An editor too far? The doomed charge of the CMS brigade?
