security


Website security

img_cyber_criminal_283x229According to team-cymru.org, most of the nefarious and malicious activity on the internet originates in China, Korea, Taiwan, India, Russia, and Great Britain. One of my sites that’s not very active was recently hacked due to a WordPress vulnerability. The new WordPress auto-updater is a great new feature so we don’t need to worry so much, but these people — mostly young programmers with too much time on their hands — never stop looking for ways to cause trouble.

Since I don’t have any use whatsoever for traffic outside the U.S., I recently installed some code to block all traffic from other countries. Doing so required the use of geodata. I got mine from maxmind.com, which is freely available for non-redistribution.

This product includes GeoLite data created by MaxMind, available from
http://www.maxmind.com.

I included the code in the document root index.php file. If a visitor from outside the U.S. visits my site (usually a crawler), it gets a simple ACCESS DENIED message. I use this same technique on a few sites I’ve worked on and it works well. None of those sites have had any problems and it can actually improve performance by lessening the server load.