• Three Ways to Increase Security against Bad Bots and Spam

    DashingWP’s servers were under attack today from what appears to be a pretty nasty DDoS attack that originated in China, bounced off of Germany, and then hit really hard from the UK, Portugal, Minnesota (USA), New Jersey (USA), and parts of Utah (USA). In total, there were 26,491 IP addresses...

  • Quickly Block Traffic with ipset and iptables

    To piggy-back off of the third preventive control in increasing security against bad bots and spam, you can quickly block traffic with an iptables entry that utilizes ipset.** If you’re not already using ipset, first see if you have ipset installed. ipset list If you have it installed then you...

  • Scrubbing logs for bad IPs

    Periodically, log files should be scrubbed for bad bots and malicious IPs. Let’s do that. This will work with any log file in which you have one IP address per line. The first thing we want to do is pull out all the IP addresses in our log file. Let’s...

  • How to fix “Host key verification failed” error

    If you’ve ever rebuilt a server that you have connected to in the past, chances are you’ve received an error when trying to ssh back into it for the first time since the rebuild. If you’re getting a screen that says “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”, the workaround is...

  • The Problem with Anti-Spam Plugins

    Installing anti-spam plugins are only the first step to mitigating garbage traffic. If we really want to tackle the issue of spam, we need to approach it from the server’s perspective and thwart garbage requests before they’re served. Is this possible? The short answer is: it depends. WP Engine recently...

  • 60 Fresh WordPress Themes for January 2014

    With all of my developers being so quiet for the holidays, I can’t believe so many theme authors have published new and exciting WordPress themes this month. I’m posting this theme roundup before the new year, so we can get a glimpse of what to expect as we move forward...

  • WP Engine Hotfix: Preventing Spam and Bad Bot Traffic, Part II

    In Part I of this WP Engine Hotfix, I discussed some of the theory behind WP Engine’s visitor calculations and how end-users of WP Engine could benefit from taking charge of their traffic themselves. In this next part, I’ll discuss ways to log your visitor traffic, scrub that traffic for...

  • WP Engine Hotfix: Preventing Spam and Bad Bot Traffic, Part I

    WP Engine counts traffic from “bad” bots (like harvesters and spam bots) the same way it tracks human visitors. While some people have gone to great lengths to talk about how this has dissatisfied them to the point of leaving WP Engine, steps can be taken to take charge of...