Two options to secure your site against brute force: hiding the login page and using a VPN. Which is safer? How much does each cost? And how much extra time does it take, and how steep is the learning curve?
Most users are aware that HTTPS is a secure protocol that encrypts their communication with a web server. We rely on HTTPS to ensure that unauthorized parties cannot “snoop” on our conversation with a web server, for example our bank’s website. But HTTPS helps maintain security in another, lesser-known way: authentication.
A memory leak in some of Cloudflare’s code caused sensitive information to be exposed. Worse yet, some of the exposed information was cached by search engines. Despite all the hype, “cloudbleed” affects a fraction of Cloudflare’s sites. Cloudbleed threat summary: The likelihood of a site being affected by Cloudbleed is Low-Medium. The bug caused a data leak in 0.00003% […]
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. (Google security blog) All websites, whether they require users to log in or not, should switch to HTTPS in the near future. This is something most website […]
If you don’t use a WAF on your website yet, 2017 is a great time to add the security of a Web Application Firewall. The two biggest WAF vendors are Sucuri and Cloudflare. Cloudflare provides great flexibility and many configuration options, giving you enough rope to hang yourself. Sucuri’s configuration is easier, but can also have […]