Security
Securely installing WordPress
Contents: Securing WordPress (standard); By Subdomain; By Subdirectory; Securing WordPress (Fishpig); Further Security.
WordPress can unfortunately be a target or entry point for server compromise (given the large number of untested plugins available). There are a number of different ways of using WordPress in conjunction with your Magento store:
  Subdomain (e.g. blog.example.com)
  Subdirectory (e.g. example.com/blog)
  …
Securely installing Magmi
Contents: Securing Magmi.
Default installations of Magmi are disabled by the firewall in MageStack due to the extremely severe security risks it poses. If you wish to utilise Magmi, it must be installed and secured properly before use.
Securing Magmi: The most important first step is to ensure that the entire Magmi directory is not …
Block by IP
Sometimes your site may fall victim to an overly aggressive or problematic user. Blocking such a user's access to your server is very straightforward, with a simple edit to your domain's ___general/example.com.conf file.
E.g. to block the IP 192.168.1.1:
    deny 192.168.1.1;
E.g. to block the IP range 192.168.1.0 - 192.168.1.254:
    deny 192.168.1.0/24;
Alternatively, if you want …
Block by User Agent
Sometimes your site may fall victim to an overly aggressive or problematic crawl bot. Blocking such a bot's access to your server is very straightforward, with a simple edit to your domain's ___general/example.com.conf file.
E.g. to block the Yandex crawl bot:
    if ($http_user_agent ~* "YandexBot") {
        return 403;
    }
Alternatively, if you want to give a …
Protecting Magento admin/downloader/api/rss
Contents: Enabling protection globally; Accounting for custom admin URLs/routes; Toggle protection by condition; Toggle protection mode by IP; Toggle protection mode by user agent; Toggle protection mode by cookie.
It's possible to protect your Magento admin and Magento Connect (downloader) without changing the URLs to something obscure. You can do it with a simple Nginx …
Protecting virtual hosts and directories
Contents: Adding users; Subdomains; Subdirectories.
You can block access to any virtual host using the normal Nginx syntax, in your ___general/example.com.conf file:
    satisfy any;
    allow x.x.x.x;
    auth_basic "Login";
    auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;
    deny all;
You should put the .htpasswd in the ___general directory. After adding changes to the nginx configuration, you'll need to reload nginx to …