A curated guide through every security article on this site — arranged in the order you should tackle them, not by publication date.
1. Understand What You're Up Against
Common Web Attack Bots and Scanners
Config-file harvesters, vulnerability scanners, credential-stuffing bots, and directory brute-forcers — what they look for, why they hurt performance even when they fail, and how to spot them in your logs.
2. Lock the Doors
Hardening SSH on Linux
Ed25519 keys, sshd_config hardening, fail2ban, port changing, and key management — secure the primary door into your server before worrying about anything else.
Securing Nginx and PHP
User separation, PHP-FPM hardening, connection limits, rate limiting, and PHP configuration defaults that won't leave you exposed.
Restoring Real Visitor IPs with Cloudflare
Configure Nginx to restore real visitor IPs behind Cloudflare — correct access logs, rate limiting, and IP-based access control.
3. Monitor and Respond
Fail2ban with nftables and Crowd-Sourced Blacklists
SSH and Nginx forbidden-request jails, AbuseIPDB reporting, incremental banning, and daily blacklist imports from AbuseIPDB, Bitwire, and Spamhaus. Includes the 404 crawl-bot rate-limiting addendum.
Detecting Compromised PHP Sites with a Squid Proxy
Force all PHP outbound traffic through a monitored proxy and trace every external connection back to the exact script and site that made it — catch C2 callbacks and data exfiltration that inbound firewalls miss.
4. Layer Additional Protections
Rate Limiting with Nginx's limit_req
Throttle incoming requests at the server level — static pages, PHP handlers, and login endpoints — before they exhaust your application.
Preventing WordPress Search Overload
WordPress search queries hit the database with no caching layer. Three lines of Nginx config caps them before they become a problem.
Protecting Folders with Nginx Basic Auth
Gate staging sites, admin panels, and internal tools behind a password with SHA-512 hashes, IP allowlists, and fail2ban integration.
Let's Encrypt Without Certbot Touching Your Nginx Config
Issue and renew certificates with certonly — full control of your configuration, no auto-generated edits.