WordPress Security
I am by no means an expert on WordPress or web development in general, but I have dabbled for quite a while and have stumbled onto some things that might be of interest.
Rambling thoughts about WordPress
This is why I don’t use …
This is one of the big reasons why I don’t use comprehensive security plugins …
Discontinued Security Plugins Expose Many WordPress Sites to Takeover – SecurityWeek
And why I don’t use site builders …
WordPress Site Builder Closes – Devs Forced To Rebuild Client Sites (searchenginejournal.com)
WP Dot Com – the most expensive web hosting in history
I already had ample reasons to despise the freedom-hating People in Charge (PIC) of WordPress.com. This latest news doesn’t add to my dislike – it’s just amusing. WP.com has announced the most expensive web hosting service offering in history. 
Read more WP Dot Com – the most expensive web hosting in history
Fighting terrorism, one managed challenge at a time
Given the current explosion in viciously evil advocacy for genocidal anti-sematic terrorism, and its inevitable bleed-over to murderous anti-Americanism, I decided to add a CF firewall rule to annoy the worst-offending countries with a managed challenge. For good measure I added a few additional nefariously evil countries. I was sadly unable to find a way to include the diabolically depraved pro-Hamas wing of the U.S. democratic party, and its barbaric supporters.
Read more Fighting terrorism, one managed challenge at a time
WordPress Official Recommended Hosting List is Depraved
WordPress dot org has long maintained a very questionable list of recommended hosting providers. Currently the list includes only BlueHost and DreamHost. Why only two? Dunno – the criteria for inclusion and the selection process is completely shrouded in mystery. The list appears to be based solely on the whims of WP Person-in-Charge Matt Mullenweg. A tinfoil-hat conspiracy theorist might suspect that large sums of money are surreptitiously transferred from the chosen hosts to the WP PIC.
Read more WordPress Official Recommended Hosting List is Depraved
Safeguarding Your Online Presence: Cloudflare’s Free DDoS Protection
Guest post written by AI (ChatGPT)
User: Write a blog post about DDoS protection using the Cloudflare free plan.
ChatGPT:
Introduction: Maintaining a secure online presence is of utmost importance in today’s digital landscape. However, the rising threat of DDoS (Distributed Denial of Service) attacks poses a significant challenge to the availability and security of websites and applications.
Read more Safeguarding Your Online Presence: Cloudflare’s Free DDoS Protection
Cloudflare Bot Fight Mode
According to Cloudflare, “Bot Fight Mode is a simple, free product that helps detect and mitigate bot traffic on your domain”. It attempts to identify traffic from bots that are absent from Cloudflare’s good-bot list, and – unfortunately does not block them, but rather issues “computationally expensive” challenges to make them expend time and resources before moving forward with their potentially nefarious mission.
A slope gets slippery, just as Cloudflare’s Matthew Prince predicted
In August 2017, Cloudflare terminated service to the despicable website Daily Stormer. CF had never previously terminated service to any website based on objectionable content, and had stated repeatedly that it would never do so. Two years later, in August 2019, CF terminated service to the equally despicable website 8chan.
Read more A slope gets slippery, just as Cloudflare’s Matthew Prince predicted
Pretty funny – iThemes uses Sucuri for WP security
I think this is pretty funny – iThemes Security Review | Sucuri, and Sucuri Video Review: Cory Miller, CEO of iThemes (screen shot below).
Read more Pretty funny – iThemes uses Sucuri for WP security
Blocking those pesky RSS feeds and Sitemaps
Every time I create a new post or page using WP, the post or page is automatically duplicated in an RSS feed – for example wppov.com/mynewpost/feed. It isn’t exactly an evil twin, just antiquated and – by 2023 standards – more troublesome than useful.
RSS feeds were popular and useful a decade or two ago, but not so much in 2023. These days feeds are more likely used for content scraping, data mining, and spamming. No thanks, I’d rather block this bad behavior.
Cloudflare Drops cPanel Integration
On November 1, 2022 Cloudflare officially declared End-of-Life for its cPanel plugin that provided one-click setup and access to certain common CF admin functions (CF/cP integration had been deprecated a year earlier).
Cloudflare Managed Challenge
I review my Cloudflare firewall rules infrequently – maybe every couple of years – so I didn’t notice immediately when early in 2022 CF retired their CAPTCHA (thus ending the Cloudflare CAPTCHA Kerfuffle – oh well, it was fun while it lasted) and deprecated their JavaScript Challenge in favor of their new, more advanced Managed Challenge.
Cloudflare Speed Test
Not bad …
Cloudflare Turnstile – what’s the point?
Toward the end of September 2022, Cloudflare breathlessly announced the introduction of Turnstile, a free “user-friendly, privacy-preserving alternative to CAPTCHA”
Hostmantis -> Dynamic Hosting – This Can’t be Good
Oi. Got an email from my hosting provider, Hostmantis.
We are partnering with Dynamic Hosting. Going forward, Dynamic Hosting will be managing all monitoring, technical support, and billing services accordingly.
“Partnering”? What the eff is “partnering”? In this case it seems to be a euphemism for HM bailing out on its customers, selling all accounts to DH.
Read more Hostmantis -> Dynamic Hosting – This Can’t be Good
WordPress market share declines!
Since the launch of WordPress 19 years ago, its market share has steadily increased. Until March 2022. WP market share for the first time *decreased* – from powering 43.3% of the web in March, to 42.9% in June. Read more WordPress market share declines!
