Access Control Door Types

Types of doors used in access control applications:

  • Standard
  • Turnstile
  • Gate (parking gate)
  • Double barrier
  • Locker
  • Elevator door
  • Standard (door with a metal key lock and without an electronic lock)

Door modes:

  • Free access (free passage) – Door is unlocked
  • Secure – Door is locked and will unlock with a valid credential
  • Locked – Door is locked, but will not open even with valid credential.  Must be placed in free access or secure mode to unlock)

Door statuses:

  • Normal
  • Alarm
    • Held (Open too long)
    • Forced (Forced open)
    • Tamper
  • Open (Ajar)
  • Unlocked

WordPress’ .htaccess rules Decoded

If your WordPress’ .htaccess file has not been modified it should look like this:

# BEGIN WordPress / # END WordPress Tags

WordPress may modify anything within these two tags and anything you add should be outside of these tags.  Source: WordPress Codex

<IfModule mod_rewrite.c> / </IfModule> Tags

If your server doesn’t have the rewrite module or it isn’t properly enabled, the rewrite rules with the If tags will not be executed. Sources: WordPress Codex Using_Permalinks, Glossary

RewriteEngine On

The RewriteEngine directive enables or disables the runtime rewriting engine. Source: Apache documentation

RewriteBase /

The RewriteBase directive allows you to define a root directory for your website.  Source: RationalSpace RewriteBase Explained

RewriteRule ^index\.php$ – [L]

Prevents requests for index.php from being rewritten, to avoid infinite loops. If the request is for index.php the directive does nothing – and stops processing rules [L]. Source: StackOverflow

[L] flag

The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this means that if the rule matches, no further rules will be processed. Source: Apache documentation

-f and -d flags

These Rewrite Condition flags allow you to perform various file attribute tests

-f
Is regular file.
Treats the TestString as a pathname and tests whether or not it exists, and is a regular file.

-d
Is directory.
Treats the TestString as a pathname and tests whether or not it exists, and is a directory.

Source: Apache documentation

The remaining code:

Are rules that are processed in order.  First it checks for a filename, then it checks for a directory, and if both of those fail the request is redirected to index.php. Source: SitePoint

How To Check If Your Site is Blacklisted by Google

Occasionally, you should verify that your site is still appearing as it should in search engine results (especially if you don’t use managed hosting or another site scanning service).

Getting de-listed from Google or any other search engine could be devastating.

In the Google.com search bar type in site:yourdomain.com where you replace yourdomain.com with your domain name.  Example: site:scottontechnology.com

Your main domain should be in the top search results along with other popular or top-level pages.

Going directly to your website ie http://yourdomain.com might still appear normally as some malware redirects only affect search engine referral traffic.

Signs that your sight might be hacked, serving SPAM, or de-indexed

What to watch for:

  1. Significant drops in traffic per analytics reports
  2. A warning in search engine results stating that “This site might be hacked”
  3. Long connection times in FTP access
  4. Large backups or backups that fail to complete
  5. Security alerts from Google Search Console (formerly Webmaster Tools)

Other blacklist sites to check:

  1. https://sitecheck.sucuri.net/
  2. http://mxtoolbox.com/BrandReputation.aspx
  3. http://www.bannedcheck.com/

Other search engines to check:

  1. Bing/MSN: http://www.bing.com/
  2. DuckDuckGo: https://duckduckgo.com/
  3. Yahoo: https://search.yahoo.com/
  4. AOL: http://search.aol.com/

Inspired by: https://woorkup.com/how-to-check-if-a-domain-is-blacklisted-by-google/

Review of “5 Simple .htaccess Tips to Tighten Your Site’s Security”

The article published on June 26, 2014 provides 5 Tips for upping a WordPress site’s security.  Original article: https://premium.wpmudev.org/blog/5-simple-htaccess-tips-to-tighten-your-sites-security/

The tips are:

  1. Protecting wp-config.php
  2. Prevent Directory Browsing
  3. Prevent Image Hot Linking
  4. Restrict Access to Your Admin Area
  5. Protect Your .htaccess File

Of these recommendations, you can test quickly whether you are already protected against some of these.  You should get a blank page or a 403 Forbidden page.  Quick test:

  1. http://yourdomain.com/wp-config.php
  2. http://yourdomain.com/wp-content/uploads/
  3. See the section below (coming soon)
  4. See the section below (coming soon)
  5. http://yourdomain.com/.htaccess

1.  Protecting wp-config.php

The Protecting wp-config.php advice comes directly from WordPress.org http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php

Test it: http://yourdomain.com/wp-config.php