
HTTP Public Key Pinning (HPKP)

Using HTTPS helps prevent someone from snooping on your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine.

July 16, 2015 · 5 min · Bjørn Johansen

The slides from my presentation on HTTP/2 at WordCamp Belgrade 2015

Here are my slides from WordCamp Belgrade 2015: HTTP/2 is here – Unlearn your optimization skills. If you’re having issues with the HTML version, you may download a PDF here.

April 18, 2015 · 1 min · Bjørn Johansen

Running PHP7-FPM Nightly Build on Ubuntu 14.04

As I’m writing this, the calendar shows April 14 2015. According to the PHP 7.0 timeline, it has a projected release date of November 2015. But if you want to try it out (to check out the speed), you can already do so.

April 14, 2015 · 3 min · Bjørn Johansen

Running HHVM with fallback to PHP-FPM

HHVM can really speed up your PHP-based web site. Most reports are somewhere in the range of 2–4x faster. Unfortunately, HHVM isn’t very stable and will suddenly die, out of the blue, from time to time. Fortunately, if you’re running Nginx it’s really easy to set up PHP-FPM as a fallback.

December 3, 2014 · 4 min · Bjørn Johansen

Using fail2ban to block WordPress login attacks

Fail2ban works by filtering a log file with a regular expression, triggering a ban action if the condition is met. After a preset time, it will trigger an unban action. Without much effort, we can have WordPress log all authentication events and have fail2ban react to them.

November 7, 2014 · 5 min · Bjørn Johansen

Using fail2ban from behind a Rackspace Cloud LoadBalancer

If your fail2ban is on a host behind a Rackspace Cloud LoadBalancer, you’ll want to block the offending IP addresses directly in your LoadBalancer. If your LB is acting as a reverse proxy, you’ll HAVE to block in the LB, but it is also nice to protect all other nodes behind the LB and offload the lifting.

November 7, 2014 · 2 min · Bjørn Johansen

Running HHVM instead of PHP with Nginx on Ubuntu

Since version 3.9, WordPress has been 100% compatible with HHVM and I have begun replacing PHP with it on a few of my servers to experiment.

May 12, 2014 · 2 min · Bjørn Johansen

WordPress Quality Guidelines

Any organization where multiple developers cooperate on a regular basis needs some guidelines to assure optimal quality of the end result. Most of these rules apply to freelancers as well.

February 27, 2014 · 7 min · Bjørn Johansen

«Slap-on» speed optimization of your WordPress site

OK, so you might have been at a WordCamp listening to talks or reading a few blog posts and you get that you should really get your WordPress site speed optimized. Starting all over is neither tempting nor something you have the time for. Don’t despair, you’ll get a long way by installing 5 plugins.

January 30, 2014 · 3 min · Bjørn Johansen

Optimizing HTTPS on Nginx

Now that you have secured Nginx with HTTPS and enabled HTTP/2, it’s time to improve both the security and the performance of the server.

January 18, 2014 · 6 min · Bjørn Johansen