WordPress, mod_rewrite and mod_security

Being conscious of web security is sometimes a real pain in the you know what.  I’m seeing some attempts to directly access some scripts on WordPress sites I maintain that should not be directly accessed.  No harm is being done, but there are “500 Internal Server Error” results being generated that should instead be “403 Forbidden” or “404 Not Found”.

I’ve made a few stabs at changing the re-write rules and am now looking the mod_security rules as perhaps a better method to trap the errors.  In both cases, there appears to a lack of good tools to use for testing the rules without making them active on a website somewhere.  And this is making it more complicated of course to get the rules right!

Stay tuned…  I’ve got a few more ideas and if I get this sorted out to my satisfaction, I’ll be posting an update on some good ways to protect areas of WordPress that should not be directly accessed via browser requests.  I haven’t found much on this topic in my searches on the web.  In fact, many places I find recommend turning off mod_security for WordPress.  I had a site hacked once with a SQL Injection attack because I had followed that advice.  I’m doing what I can to prevent that in the future!

Inspiration: The Art of Non-Conformity

I follow a number of bloggers and one that I want to acknowledge today is Chris Guillebeau who writes the blog The Art of Non-Conformity.  I finished reading his article on 279 Days to Overnight Success this morning and found it jammed full of little pearls of wisdom and useful resources.

One I plan to embrace is to avoid Adsense and related technologies.  I may point out products I’ve found useful and may even establish affiliate accounts with the provider in event a reader does follow a link to purchase.  I will not however be creating space on the page specifically targeted for advertising products that are not my own, should I eventually have any.  Another way of stating my intent is that the Firefox plugin AdBlock Plus should not block any content on this site.

I also plan to take things slow.  Chris recommends building a store of content, about 3 months worth, before really launching a site.  I like this idea, even though it means a fair amount of work with little external validation on the effort.  I already have about 10 draft articles started, some are just concepts, others a bit more roughed out and still needing some polish before they are ready.  In the early stages, the published articles will be focused on setting up the web site and track the evolution of my thoughts on what this site will become.

If you are thinking of starting a blog, or even want to re-imagine one you already have, I strongly recommend checking out Chris’s site.

Setting things up: Twitter done

I setup a twitter account @AnActionADay and was getting ready to put a page up on Facebook and had second thoughts.  Do I want to get a page going for it yet?  Maybe it would be better to start out feeding these updates into my personal facebook page and as this grows, open a facebook page.  I need 25 followers on facebook before I can reserve a name anyway so I’ll need a bit of a following to get it going.

Facebook can wait.  Enough to focus on getting an identity for the blog and twitter account.  I was surprised to actually get a relevant follower on twitter (or at least what looks like one) shortly after setting the account up, and before sending my first tweet!

Starting… An Action A Day

“Whatever you can do or dream you can, begin it. Boldness has genius, power and magic in it.” — Goethe as paraphrased by John Anster in 1835

This is the start of something … big?  I’ve had this idea kicking around in my head for at least a year.  An action a day gets all sorts of things accomplished.  It’s a pretty simple plan, but one that I’ve found hard to achieve in real life.  Each day, accomplish one thing that takes me closer to what I want to be, to do, to have, to …

I’ve been a procrastinator for a long time. OK, a long, long time.  I’ve read books multiple books how to move from a habit of procrastination to a habit of results and accomplishment.  Some ideas, a few, have stuck and most … haven’t.  And it’s not entirely about the end state.  The joy is in the journey, the daily accomplishments and the challenges that are met along the way.

So my new plan, each day, move a step along the path to achieve my dreams.

My action for today?  Registering my new domain name Action-A-Day.com, setting up an initial wordpress blog and I’ll also go get a twitter and facebook presence created.

My vision for this site is the share my adventure and inspire others to begin a similar journey of their own.

css.php