Publishing open source software or articles for free is very giving. Not only does it give you a warm fuzzy feeling inside when someone appreciates what you release, but it can also have other indirect consequences that give you a happier life. But when something is free – as in no cost – people will also often turn to a mindset where they don’t appreciate your effort, time or value as a human being. For some reason, some people forget all about being polite and demands that I give them professional support because they can’t read instructions, don’t know what they are doing, or just feel like their time is much more important than mine.

I very much appreciate comments that bring new insights, corrects my errors, or leaves a thank you note. But even so, it is a bit tedious to moderate comments. Though logging into WordPress – even with two-factor authentication enabled – isn’t much of a hassle, it is still a nuisance when you just want to approve or trash a couple of comments.

Nginx is an extremely efficient and quite flexible web server. When you want to do a redirect in Nginx, you have a few options to select from, so you can choose the one that suits you best to do an Nginx redirect.

With the advent of the fully automated and free of cost certificate authorities Let’s Encrypt and StartCom there is no doubt that the future of CAs are changing.

Enabling uploads of SVG files in WordPress is quite easy, and there is a tonne of posts on the Interwebs explaining how you do it. Usually along the lines of: function add_svg_to_upload_mimes( $upload_mimes ) { $upload_mimes['svg'] = 'image/svg+xml'; $upload_mimes['svgz'] = 'image/svg+xml'; return $upload_mimes; } add_filter( 'upload_mimes', 'add_svg_to_upload_mimes', 10, 1 ); And that’s pretty much it. Except it is not.

Uploading SVG files to WordPress when you’re behind the Sucuri CloudProxy Web Application Firewall isn’t that straightforward, but it is possible.

Let’s install an SSL-certificate from Let’s Encrypt for Nginx.

Running a real cronjob is much more reliable than WordPress’ built-in “maybe-will-trigger” solution. But if you’re running a multisite network, you have to add a crontab entry for every site you set up – which is tedious. Thanks to WP-CLI, we can use a small bash script instead, which will run all due events for all sites for us. Oh, and it works for single sites as well.

Depending on your time zone, PHP 7 was finally released on 3rd/4th of December 2015. Even though the general recommendation for production servers is to wait for a little bit and gather some experiences before upgrading, some of us want to jump right on and upgrade to PHP 7.

Security vulnerabilities are often exploits of software that fails when trying to deal with unexpected input. Other times they are exploits of a misconfiguration or a service that unintentionally was open to the public. For the above reasons, we should limit as much as possible what services are exposed to the public and limit as much as possible what they do and accept from the visitors. To follow those security principles, we should only allow the HTTP methods for which we, in fact, provide services. Under all normal circumstances, that would be the methods GET, POST and HEAD.