Tech, Web, Work

Defending against WordPress brute-force attacks using built in features of IIS

Throughout the past week, a very large network of compromised computers has been pounding away at sites using the WordPress content management platform, attempting to access those sites by continually attempting logins using default WordPress usernames, along with a combination of passwords. For these attacks to work, the attacking machines have to continually try various combinations of passwords, throwing request…

Continue Reading
Work

Working on the redesign of a college website

November 2011 – The desire for a site redesign is first mentioned, you knowingly sigh a deep sigh to yourself. February 2012 – An administrative committee is formed to lay out the main categorizations and links for the new site.  You shake your head at the first inkling that there are to be changes to cutesy, vague category names like…

Continue Reading
Work

Mobile Traffic to the Marshall Website for 2012

This morning I ran a report for a coworker on the mobile device traffic to the Marshall website over the past year (through yesterday).  The statistics break down like this: 72.92% iOS 22.38% Android 1.02% Blackberry 0.48% Windows Mobile A couple of points of information to use when interpreting the data:  iOS includes all iPhone, iPad and iPod traffic.  While…

Continue Reading
Work

Not understanding the problem

There’s a cute little site here where a graphic designer rants a bit about the American Airlines website, and how if he had the opportunity to design it, he’d do it so much better.   That’s not the interesting part – people on the internet waiting to tell you how much better that they’d do things if they had your job…

Continue Reading
Work

Configuring WordPress with FORCE_SSL_ADMIN with shared SSL and hardware load balancing

While updating our WordPress configuration to deal with a semi-related problem, I wanted to move from the configuration we’d be using which required all administrative logins to WordPress to use SSL encryption to a more secure model that required the entire administrative session be encrypted. These two choices are controlled via settings in the wp-config.php file.  They’re detailed here at…

Continue Reading