The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 was published on 10 October 2023. It outlines a vulnerability in the HTTP/2 protocol, which allows DDoS attacks on a massive scale. LiteSpeed Technologies made a … Read more
This terminal command generates Diffie-Hellman parameters with 4096 bits. This provides good security while still providing acceptable performance.
When installing an SSL certificate on your website, you will need to ensure that all traffic is forced to upgrade from HTTP to HTTPS by means of a redirect rule.
Directory browsing one of the most common security flaws in a WordPress site. By default, the webserver enables directory browsing. This means that all files and folders inside the root directory of the webserver are accessible by a visitor.
Attacks on xmlrpc.php are common. Not many websites actually use the XMLRPC functionality so one simple way of avoiding these attacks was to simply delete the xmlrpc.php file. However the file is restored every time you update WordPress, so this isn’t a very good solution.