WordPress Continues To Break Things In The Name Of Security

In what has become a nearly annual tradition, WordPress has released yet another update that broke thousands of plugins across the Internet.    As usual, they claim this is in the best interest of security.  Thus the breaking change was done with ZERO notification to developers.   It was also forced onto most sites as a “security patch release” which will update any site that does not forcibly stop automatic updates.

Communication From WordPress Core Is Horrid

While I don’t have an issue with breaking changes for true security issues, what IS a problem is pushing out a change with almost ZERO testing to millions of websites with ZERO communication.    They gave absolutely no warning to thousands of sites that this “update version” was coming and that it would knowingly break things.   They did not communicate to site owners so they could block updates.    They did not communicate to plugin or theme developers so they could come up with new releases.

Read More

Install A Name.com SSL Cert On Amazon Linux

Get Your Certificate Signing Request (CSR)

From Amazon Linux:

cd /etc/ssl
openssl req -new -key vim <domain>.<tld>.key -out <domain>.<tld>.csr

Buy Your Certificate

From Name.com purchase a cert for either a wildcard or single-host fully-qualified domain name.  It must match the domain identifier . used when creating your CSR.

You’ll need the contents of the .csr file and private key you created above.

Read More

Some Linux User and SSH Tips and Tricks

User Management

SSH Login With Keys

From Your Computer

Make sure you have created a private/public key pair.  There are tons of articles online about how to use openSSH (for real operating systems) or some convoluted third-party app like Pagent or Putty to generate an SSH key.
Copy the contents of your id_rsa.pub file (you can use this public key on multiple services, BTW, they do not need to be unique per service.

On The Server

Login with your user account using an old-fashioned username/password.
Now let’s setup a way to login from your computer without typing passwords:
mkdir .ssh

cd .ssh

vim authorized_keys

Read More

%d bloggers like this: