Alex Maskara
Thoughts, Stories, Imagination of Filipino American Alex Maskara
HOME
~
It is now 8:30 in the evening and I just prepared rice for my dinner. I am hoping to eat just enough for dinner as I am trying to, first, be healthy by cutting my blood sugar, and second, be alert for a few more hours tonight to savor this wonderful day. Today I accomplished a lot in my computer projects. These are not spectacular accomplishments but simple trials and errors while learning a lot along the way. Last night I discovered that my WordPress site was hacked. And this was the third time it happened. Either it was too lax or too exposed. Plugins must have something to do with it. These are basically doors for uninvited hackers. I know this because one of the plugins I installed was dealing with global visitors and it revealed so many hackers checking and testing out my site’s vulnerabilities. My WordPress has the simplest design, thank God, and I am not using any of the templates (nothing is wrong with them, they just seem too easy and you surrender the control to the designer). Once it gets hacked, then you can always restore a backup but when the designer upgrades the template, you need to review the site and see it needs additional upgrades of plugins and widgets.
Well, I wanted to bypass those steps. Besides, what is the point of learning to code and design webs if I will rely on ready-made templates? These are perhaps more appropriate for those who use a website for self-expression or business and give no hoot on web development. I understand their thinking but I can imagine how much stress they’d go through once the hackers come into the picture. Most likely they will give up, lose the investment, or hire a web admin. It took me some time to figure my website vulnerabilities and weaknesses and even with my corrections, I am sure somebody out there will try to test my site or even my web host just for the heck of it. So I don’t put everything in one basket. Backing up is a must so I can rerun the whole damn thing once someone tries to burn it to the ground.
Which points me in a different direction. WordPress is hackable because it is the most ubiquitous web platform(?) in the world. It can be very easy to install and run. If you simply host your site under WordPress itself or use regular web hosts who invest in security and storage, you should be alright. My approach is quite different. I start from scratch, create my own Virtual OS, install LAMP, set up my domains, etcetera, (that is called Full Stack Development). I truly enjoy it. Only yesterday afternoon, I managed to upgrade my PHP, setup .htaccess, update apache2 and voila, everything is running smoothly until of course, the next hacker strikes.
Even hackers do try hacking as a learning process, I guess. In fact, they probably help me close my vulnerable loopholes. But there are other platforms for web development that may not be as hackable as WordPress. Ruby on Rails, Django, Java Server Pages immediately come to mind. I am sure there are more platforms that I have not studied in the last 5 years after finishing my IT degree only to get back to my non-IT healthcare job. Hopefully, this year of pandemic and isolation will get me reacquainted with the beauty of web development. I have been tinkering this field on and off since 1996. LOL.
Yesterday, I reviewed steps that I have completely forgotten in full stacking. I am glad I did because it made this world disappear albeit briefly in my mind. Anyway, there were a few commands I want to remember:
PHP upgrade:
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.4-extension_name
sudo apt install php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip php7.4-intl -y
sudo a2dismod php7.0
sudo a2enmod php7.4
sudo service apache2 restart
WordPress reminders:
Improve admin passwords
Use a secured and complicated-name database with a complicated password (try to avoid the defaults offered by WordPress)
Secure via chmod xxx your config.php file
Try to minimize plugins until you are an expert in their security
Learn to create own theme
Learn how to modify apache2 for Rewrite Rules.
Create, and secure .htaccess.
(I have already forgotten my other steps but they are searchable via google)
(I have already forgotten my other steps but they are searchable via google)
Now, I just need to learn how to create a nice looking frontend via css and javascript.
Peace hackers LOL.
2020-11-22 18:23:39
blog
Web Projects
It is now 8:30 in the evening and I just prepared rice for my dinner. I am hoping to eat just enough for dinner as I am trying to, first, be healthy by cutting my blood sugar, and second, be alert for a few more hours tonight to savor this wonderful day. Today I accomplished a lot in my computer projects. These are not spectacular accomplishments but simple trials and errors while learning a lot along the way. Last night I discovered that my WordPress site was hacked. And this was the third time it happened. Either it was too lax or too exposed. Plugins must have something to do with it. These are basically doors for uninvited hackers. I know this because one of the plugins I installed was dealing with global visitors and it revealed so many hackers checking and testing out my site’s vulnerabilities. My WordPress has the simplest design, thank God, and I am not using any of the templates (nothing is wrong with them, they just seem too easy and you surrender the control to the designer). Once it gets hacked, then you can always restore a backup but when the designer upgrades the template, you need to review the site and see it needs additional upgrades of plugins and widgets.
Well, I wanted to bypass those steps. Besides, what is the point of learning to code and design webs if I will rely on ready-made templates? These are perhaps more appropriate for those who use a website for self-expression or business and give no hoot on web development. I understand their thinking but I can imagine how much stress they’d go through once the hackers come into the picture. Most likely they will give up, lose the investment, or hire a web admin. It took me some time to figure my website vulnerabilities and weaknesses and even with my corrections, I am sure somebody out there will try to test my site or even my web host just for the heck of it. So I don’t put everything in one basket. Backing up is a must so I can rerun the whole damn thing once someone tries to burn it to the ground.
Which points me in a different direction. WordPress is hackable because it is the most ubiquitous web platform(?) in the world. It can be very easy to install and run. If you simply host your site under WordPress itself or use regular web hosts who invest in security and storage, you should be alright. My approach is quite different. I start from scratch, create my own Virtual OS, install LAMP, set up my domains, etcetera, (that is called Full Stack Development). I truly enjoy it. Only yesterday afternoon, I managed to upgrade my PHP, setup .htaccess, update apache2 and voila, everything is running smoothly until of course, the next hacker strikes.
Even hackers do try hacking as a learning process, I guess. In fact, they probably help me close my vulnerable loopholes. But there are other platforms for web development that may not be as hackable as WordPress. Ruby on Rails, Django, Java Server Pages immediately come to mind. I am sure there are more platforms that I have not studied in the last 5 years after finishing my IT degree only to get back to my non-IT healthcare job. Hopefully, this year of pandemic and isolation will get me reacquainted with the beauty of web development. I have been tinkering this field on and off since 1996. LOL.
Yesterday, I reviewed steps that I have completely forgotten in full stacking. I am glad I did because it made this world disappear albeit briefly in my mind. Anyway, there were a few commands I want to remember:
PHP upgrade:
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.4-extension_name
sudo apt install php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip php7.4-intl -y
sudo a2dismod php7.0
sudo a2enmod php7.4
sudo service apache2 restart
WordPress reminders:
Improve admin passwords
Use a secured and complicated-name database with a complicated password (try to avoid the defaults offered by WordPress)
Secure via chmod xxx your config.php file
Try to minimize plugins until you are an expert in their security
Learn to create own theme
Learn how to modify apache2 for Rewrite Rules.
Create, and secure .htaccess.
(I have already forgotten my other steps but they are searchable via google)
(I have already forgotten my other steps but they are searchable via google)
Now, I just need to learn how to create a nice looking frontend via css and javascript.
Peace hackers LOL.
2020-11-22 18:23:39
blog
A Night at the Luneta Grandstand
Understanding my unique Self on my way to Retirement
A Visit to Quiapo with El Fili2
THE DIARY OF ANTONIO PIGAFETTA
Brother, My Brother (Ben Santos)