Category Archives: Server Configuration

How to enable HTTPS on WordPress using CloudFlare

Recently, Google said it will use HTTPS as a ranking signal. So, if you are a website owner, you might be thinking of switching to HTTPS. However, that meant purchasing an SSL certificate. Last month CloudFlare announced Universal SSL, which will allow all its customers (including free users) to use SSL on their sites. So now we can have SSL on our websites without having to pay for an SSL certificate. In this article we will see how we can use CloudFlare to enable HTTPS on WordPress for free. This article assumes you are already using CloudFlare on your website.

How to generate passwords for .htpasswd using PHP

In my earlier post about .htaccess I described authentication using .htaccess and the command to generate the .htpasswd file. However, when we want to add passwords for many users, that method will take too long, since we will have to add passwords for each user one at a time. There is an easier way to generate the .htpasswd file using PHP. In this post I will show the different algorithms which can be used to generate the .htpasswd file.

How to hide Nginx version number in headers and error pages

In the default Nginx configuration, the server sends an HTTP header containing the Nginx version number. The HTTP response header “Server” displays the version number of the server. This information can be used by hackers to try to exploit any vulnerabilities in Nginx, especially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Server: nginx/1.2.6 (Ubuntu)
Date: Wed, 31 Jul 2013 19:47:33 GMT


Big forms and PHP max_input_vars

Recently I was working in WordPress to create a big menu, with over 75 links in it. When I created it and tried to save it, it was saved only partially; a few menu items at the end got truncated. I was not sure what happened. So then I tried to add 1 more link and it was not saving. Then I decided to check if there were any PHP errors. I found the following in the error logs:

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0, referer: http://mysite.com/wp-admin/nav-menus.php

Then I found out that there is a PHP setting “max_input_vars” (available since PHP 5.3.9) which limits the number of variables that PHP will process. If this value is 1000 (the default is 1000), PHP will process the first 1000 variables and drop the rest. This was the reason why some menu items were saved and some were not.

How to hide Apache information with ServerTokens and ServerSignature directives

In the default Apache configuration, the server sends an HTTP header containing the Apache version, modules, operating system, etc. of the server. The HTTP response header “Server” displays all these details of the server. This information can be used by hackers to try to exploit any vulnerabilities in Apache, the OS or other modules you are running, especially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Date: Sun, 10 Feb 2012 07:24:47 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.17
Vary: Accept-Encoding,Cookie
