1. Create a .htpasswd file:
   Use an online htpasswd generator to create a user and encrypted password.
   Save it outside the public directory (e.g., /home/username/.htpasswd).

2. Edit your .htaccess file:
   Open the .htaccess file in the root of your WordPress site, or create one in the same directory as wp-login.php:

   <Files wp-login.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
</Files>


   ⚠️ Replace /full/path/to/.htpasswd with the actual path to your .htpasswd file.

3. Save and test:
   When you visit wp-login.php, it will now prompt for a username and password before showing the login page.

The post How can we protect wp-login without any plugins? appeared first on CNERIS.

How to disable REST API access for unauthenticated users?

By default, WordPress allows certain REST API endpoints to be publicly accessible. To restrict this access, you can use the rest_authentication_errors filter. The following code blocks REST API requests for any unauthenticated user and returns a custom error message.

What does this code do?

1. Filter rest_authentication_errors: This filter is used to handle authentication errors in the REST API.
2. Check for pre-existing errors: If $result already contains an error, it returns it as is.
3. User session verification: If the user is not logged in (!is_user_logged_in()), it returns a WP_Error with a custom message and an HTTP 401 (Unauthorized) status code.
4. Return results: If none of the above conditions are met, it proceeds with normal request handling.

Result

With this code in place, any unauthenticated user will receive an error message stating they must log in to access the REST API. This effectively secures your REST API from unauthorized access.

The post How to disable REST API access for unauthenticated users? appeared first on CNERIS.

Steps:

1. Open the functions.php file of your active theme or create a custom plugin for this adjustment.
2. Add the following PHP code to disable the REST API for unauthenticated users:

3. Save the changes and verify that unauthenticated users can no longer access the REST API.

The post How to disable the REST API in WordPress using PHP code appeared first on CNERIS.

1. Limit Access to Sensitive Information

• Disable the ability to view user details via URLs like ?author=1.
  Add the following code to your functions.php file:
  php

  Copiar código

  add_action('template_redirect', function() {
if (is_author()) {
wp_redirect(home_url());
exit;
}
});


2. Use Security Plugins

Install plugins like Wordfence or All In One WP Security to monitor and block suspicious activities. These plugins can detect and prevent user enumeration attempts.

3. Block User Enumeration via .htaccess

For Apache servers, use the following code in the .htaccess file to block requests targeting usernames:

4. Implement Strong Password Policies

Encourage all users to use strong passwords and enable two-factor authentication (2FA) to add an extra layer of security.

5. Monitor Logs for Suspicious Activity

Regularly review your website logs for unusual activity or repeated attempts to access user information.

6. Keep WordPress Updated

Always use the latest version of WordPress, plugins, and themes to ensure known vulnerabilities are patched.

By following these steps, you can significantly reduce the risk of user enumeration and keep your WordPress site secure.

The post How to Protect WordPress from User Enumeration appeared first on CNERIS.

1. Database issues: If your server relies on a database (like MySQL or MariaDB), slow or unoptimized queries can delay response generation. Ensure that tables are properly indexed and that there are no queries taking too long to execute.
2. Server performance: If your server is underperforming (CPU overload, low RAM, or high disk usage), request processing will be slower. Check resource usage using tools like top or htop to identify bottlenecks.
3. Web server configuration: If your web server (such as Apache or Nginx) is not optimized, it could cause delays. Reviewing configurations like output compression (Gzip), caching usage, and concurrent connection parameters can help improve TTFB.
4. Slow connection to external networks: If your server relies on external services (APIs, data sources) or is located in a data center far from your users, network latency can increase the TTFB.
5. Caching: If caching is not properly used, every request needs to be processed from scratch. Setting up appropriate caching on the server can significantly reduce TTFB.

The post why does my server have a high ttfb? appeared first on CNERIS.

1. SSL Labs:
   • Use the free service from SSL Labs to perform a comprehensive analysis of your SSL certificate, including the SSL/TLS negotiation.
   • Simply enter your website URL, and it will generate a detailed report about supported SSL/TLS versions, cipher configurations, and more.
2. OpenSSL:
   • From the command line, you can use openssl to test SSL/TLS negotiations.
   • Example:
     openssl s_client -connect yourwebsite.com:443


     This will give you details about the SSL handshake process, including TLS version and certificates.

3. Nmap:
   • Nmap, with the ssl-enum-ciphers script, can help you verify SSL negotiations.
   • Example:
     nmap --script ssl-enum-ciphers -p 443 yourwebsite.com

The post How can I test the SSL negotiation of my website appeared first on CNERIS.

1. Load testing: Use tools like Apache JMeter, Loader.io, or k6 to simulate multiple users making requests to your website simultaneously. This will help you determine how many requests your website can handle before performance starts to degrade.
2. Server resource monitoring: During load testing, monitor the server’s CPU, memory, and bandwidth usage to identify bottlenecks.
3. Web server tuning: Adjust the web server configuration to optimize the handling of concurrent connections, such as setting the maximum number of simultaneous connections (e.g., in Apache or Nginx).
4. Test results: Load testing tools will provide a detailed report that shows the maximum number of requests your server can efficiently handle.

The post How can I measure the number of requests a website can handle? appeared first on CNERIS.

Key functions of TPM:

1. Secure storage of cryptographic keys: TPM allows for the generation and secure storage of private and public keys used to encrypt data and authenticate users or systems.
2. Cryptographic key generation: The module can generate cryptographic keys directly within the chip, ensuring they never leave the chip.
3. Secure Boot: TPM verifies that the boot software has not been tampered with. If it detects any irregularity, it will prevent the system from starting.
4. Integrity measurement: During boot, TPM measures critical system components (firmware, kernel) to ensure they have not been altered.
5. Protection against unauthorized access: TPM uses advanced encryption algorithms to prevent unauthorized access to the data stored on the device.

Common uses of TPM:

• Full disk encryption: Tools like BitLocker on Windows use TPM to encrypt the entire hard drive and ensure that only authorized users can access the data.
• Device authentication: TPM can be used to secure device authentication in networks and systems, adding an extra layer of protection.
• Malware protection: It helps detect and prevent the execution of malicious software during system boot.

The post Trusted Platform Module (TPM) appeared first on CNERIS.

Impact on the tech industry:

1. Cybersecurity: Quantum computing has the potential to break many of the cryptographic algorithms currently in use. This will necessitate a new form of cryptography, known as quantum cryptography, which could offer levels of security unachievable with current technology.
2. Problem Optimization: Quantum algorithms provide significant speed improvements in solving optimization problems, which is crucial for industries like logistics, pharmaceutical research, and artificial intelligence.
3. Material Simulation: Quantum computers can simulate molecular interactions with high accuracy, which could revolutionize fields such as energy, materials, and medicine, enabling discoveries that would not be possible with traditional computing.

The post Quantum computing is an emerging branch of technology that utilizes the principles of quantum appeared first on CNERIS.

1. Access Security Settings: Log into your account and navigate to the settings or security section.
2. Select 2FA Option: Look for an option labeled “Two-Factor Authentication”, “Two-Step Verification”, or something similar and select it.
3. Choose a 2FA Method: You can typically choose between receiving a code via SMS, using an authentication app like Google Authenticator or Authy, or using a physical security device.
4. Set Up Your Chosen Method:
   • For SMS: Enter your phone number and confirm the code you receive.
   • For Authentication Apps: Scan the provided QR code with the authentication app and store the verification code it generates.
   • For Physical Devices: Connect your device and follow the instructions to link it to your account.
5. Save Backup Codes: When setting up 2FA, you will be provided with backup codes. Store these in a secure place; they will allow you to access your account if you lose access to your 2FA method.
6. Confirm Setup: Complete the process and ensure 2FA is active by checking your security settings.

The post Setting Up Two-Factor Authentication (2FA) appeared first on CNERIS.