Category Archives: Server Configuration

Generating bcrypt .htpasswd passwords using PHP

In my previous post we saw how to generate .htpasswd file using crypt and apr1-md5 algorithm in PHP. However, now there is a more secure BCRYPT algorithm that can be used since apache 2.4 for passwords in .htpasswd. In this post we will generate .htpasswd file using the BCRYPT algorithm in PHP.
Read more »

How to enable HTTPS on WordPress using CloudFlare

Recently, Google said it will use HTTPS as a ranking signal. So, if you are a website owner, you might be thinking of switching to HTTPS. However, that meant purchasing an SSL certificate. Last month CloudFlare announced Universal SSL which will allow all its customers (including free users) to be able to use SSL on their sites. So now, we can have SSL on our websites without having to pay for an SSL certificate. In this article we will see how we can use CloudFlare to enable HTTPS on WordPress for free. This article assumes you are already using ClodFlare on your website.
Read more »

How to generate passwords for .htpasswd using PHP

In my earlier post about .htaccess I had described about authentication using .htaccess and command to generate .htpasswd file. However, when we want to add passwords for many users that method will take too long, since we will have to add passwords for each user one at a time. However, there is an easier way to generate the .htpasswd file using PHP. In this post I will show the different algorithms which can be used to generate the .htpasswd file.
Read more »

How to hide Nginx version number in headers and errors pages

In default Nginx configuration, the server sends HTTP Header with the information of Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Nginx, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Server: nginx/1.2.6 (Ubuntu)
Date: Wed, 31 Jul 2013 19:47:33 GMT

Read more »

Big forms and PHP max_input_vars

Recently I was working in WordPress to create a big menu, with over 75 links in it. When I created it and tried to save it got save only partially, few menu items at the end got truncated. I was not sure what happened. So then I tried to add 1 more link and it was not saving. Then I decided to check if there were any PHP errors. I found the following in the error logs:

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: http://mysite.com/wp-admin/nav-menus.php

Then I found out that there is a PHP setting “max_input_vars” (available since PHP 5.3.9) which limits the number of variables that PHP will process. If this value is 1000 (default is 1000) PHP will process first 1000 variables and drop the remaining. This was the reason why some menu items were saved and some not.
Read more »