Month: November 2024

Security, Tutorials, WordPress

Block PHP execution in wp-content/uploads on OpenLiteSpeed: the right .htaccess snippet

| by admin | Leave a Comment on Block PHP execution in wp-content/uploads on OpenLiteSpeed: the right .htaccess snippet
Computer monitor displaying terminal output: system metrics, file listings, and kernel error messages — typical sysadmin view (photo: Tima Miroshnichenko)

wp-content/uploads/ is the most predictable target on a WordPress install. It’s writable by the web server (so any compromise that gets a file uploaded lands here), it’s almost never inspected by malware scanners with the same vigilance as wp-includes/, …

Continue reading "Block PHP execution in wp-content/uploads on OpenLiteSpeed: the right .htaccess snippet"
Security, Sysadmin, Tutorials

Hide the OpenLiteSpeed admin panel: bind 7080 to 127.0.0.1 + reach it via SSH tunnel

| by admin | Leave a Comment on Hide the OpenLiteSpeed admin panel: bind 7080 to 127.0.0.1 + reach it via SSH tunnel
Linux ls -la output showing /bin, /boot, /etc, /home, /lib, /sbin and other root directories — typical first view after SSHing into a server (photo: Pixabay / Pexels)

OpenLiteSpeed’s admin panel runs on port 7080 by default and binds to *. That means anyone with your server’s IP can hit https://your-ip:7080/ and reach the admin login form. The form has authentication, sure — but having a login …

Continue reading "Hide the OpenLiteSpeed admin panel: bind 7080 to 127.0.0.1 + reach it via SSH tunnel"