Breadcrumb NavXT WPML Extensions 1.3.0

Announcing the immediate availability of Breadcrumb NavXT WPML Extensions 1.3.0. This version fixes a compatibility issue with PHP7.1. Note this release temporarily breaks from semantic versioning due to a bug in 1.1.1 where the internal version was improperly set to 1.2.1.

Users with valid and activated license keys should receive an update notification within the WordPress dashboard and be able to use the update mechanism to update (just like with any plugin in the WordPress.org repository).

-John Havlik

[end of transmission, stay tuned]

Use ModSecurity Not A Plugin

When dealing with login attacks against wp-login.php and xmlrpc.php, consider using an application firewall such as ModSecurity rather than a WordPress plugin. Why? ModSecurity runs before the request hits PHP. Thus, WordPress is not even run on these known to be bad requests.

Some Numbers

Prior to enabling ModSecurity rules protecting wp-login.php and xmlrpc.php, these were the most popular files hit across all Weblogs.us WordPress installs. In December of 2016, wp-login.php was 23.48% of all hits, xmlrpc.php was 19.75%—A total of 43.23% all hits for what are really non-user facing pages. Similar behavior had been seen for the months prior as well.

After enabling ModSecurity rules punishing multiple bad login attempts for wp-login.php and xmlrpc.php, their total hits plummeted. In February, they accounted for only 3.78% of all hits. Did the robots go away? No, they were getting 403 errors, nearly 20% of hits resulted in a 403 error.

Caveat Emptor

Implementing successive failed login attack mitigation rules is quite easy on Apache. Rather than repeat how to do this, see Mika’s post WordPress login protection using ModSecurity. Unfortunately, Nginx is a different story. While ModSecurity is available for Nginx, any rule that requires a locationmatch parameter will not work (locationmatch is Apache specific). Instead, a custom location rule for wp-login.php and xmlrpc.php can be generated with ModSecurity enabled and the extra rules applied. It isn’t terribly elegant, but appears to work.

Ease of implementation aside, the performance benefits from blocking malicious login traffic earlier makes using a ModSecurity based implementation worthwhile. At Weblog.us, we dramatically cut down on resource usage by implementing ModSecurity rules for blocking malicious wp-login.php and xmlrpc.php accesses.

-John Havlik

[end of transmission, stay tuned]

Supermicro X10SDV-7TP4F Heatsink Swap

After assembling my new home server, I ran into a bit of a heat issue. The Xeon-D SOC would get quite hot under load (80C), and was a little warmer than desired while idling (40C). Attempting to cool itself off, the motherboard kept the chassis fans spinning fast enough to be annoyingly loud. Since the heatsink installed on the motherboard was designed for 1U compatibility, and the case I’m using is 2U tall, it was not getting the airflow it was designed for.

Continue reading

Breadcrumb NavXT Menu Magic 1.1.4

Announcing the immediate availability of Breadcrumb NavXT Menu Magic 1.1.4. This version fixes a bug relating to menu items with null or blank types. Previously, an error message was displayed when such a menu item was encountered. With version 1.1.4, Breadcrumb NavXT Menu Magic ignores these items.

Users with valid and activated license keys should receive an update notification within the WordPress dashboard and be able to use the update mechanism to update (just like with any plugin in the WordPress.org repository).

-John Havlik

[end of transmission, stay tuned]

Breadcrumb NavXT Attributes 1.0.0

Introducing Breadcrumb NavXT Attributes. This plugin adds support for attribute based breadcrumb trails to Breadcrumb NavXT. Commonly seen on product pages, attribute breadcrumb trails show all of the taxonomy hierarchies used to classify a post. With Breadcrumb NavXT Attributes, a breadcrumb trail generated is for each term hierarchy of the post in question.

Features

  • Automatically generates every breadcrumb trail to a resource belonging to multiple term hierarchies
  • Ability to restrict generate breadcrumb trails to a specific taxonomy
  • Shortcode for embedding breadcrumbs into posts
  • Integration into Breadcrumb NavXT’s widget
    • Note, this method does not have ability to restrict to a specific taxonomy or to enable the display of the current item

-John Havlik

[end of transmission, stay tuned]