Protect WordPress login page

I have a WordPress site. Like with many WordPress sites I see people (probably robots) trying their luck at the login page every once in a while. However, for the past 2 weeks it’s been non-stop at a rate of 400-500 tries a day… So I went ahead a...

2017-08-13 19:08 (1) Answers

How To Secure Erlang Cluster Behind Private Subnet

I am testing Erlang and have a few questions related to Security of the Distribution. (There is a lot of mixed information out there) These types of questions come with lots of opinions related to situations, and depend on personal comfort level on...

2017-08-13 15:08 (2) Answers

Vulnerabilities Plesk VS cPanel

As a web hosting reseller I have a question: Plesk or cPanel? I mean, which is more secure? With fewer hack vulnerabilities? Some people tell me Plesk is more secure and with cPanel you have a lot of security breaches. Thank you. ...

2017-08-13 14:08 (3) Answers

Encrypting and comparing hashes

Checked a lot of tutorials and guides about Encrypting and Hashing on StackOver and I do now understand the difference between both of them. Encryption when we need decryption. Hash when you don't (e.g: passwords). But my question today is, for gene...

2017-08-13 12:08 (3) Answers

Bare Domain CDN Security

Outside normal arguments for and against bare domains, does a subdomain provide additional security and operational benefits for a CDN provider? Which DNS settings are used that allow CNAME Flattening / ALIAS Records / ANAME Records to provide the s...

2017-08-13 02:08 (0) Answers

Which PHP uniqid generator?

I am confused about how and when to use a random generator for different cases, and it is getting more and more complicated for me. In spite of the uniqueness of mt_rand(); it is still said that it is not secure to use it for generating a random salt a...

2017-08-12 20:08 (0) Answers

Encryption vs Hashing Passwords

Suppose I want to develop an authentication/user system, and I'd like to be able to recover original users' passwords if I need, what are the disadvantages of encrypting passwords vs hashing from the security point of view? Of course the application will use ju...

2017-08-12 12:08 (2) Answers

Cannot save Security Item to Keychain

I am trying to save a SecIdentity item into the keychain using Swift 3. After saving, the status of the operation is always 0 (Successful), but when I try to retrieve the saved one, the status is -25300 (which means that the object does not exist). What am I doing wrong? ...

2017-08-12 08:08 (0) Answers

Symfony Role and security explained

I'm trying to learn the Symfony roles and security. My current security.yml file, looks like this: role_hierarchy: ROLE_USER: ROLE_DO_ALMOST_NOTHING ROLE_EDITOR: [ ROLE_USER, ROLE_ALLOWED_TO_EDIT ] ROLE_CONTRIBUTOR: [ ROLE_EDITOR, ROLE...

2017-08-11 22:08 (1) Answers

Workaround for 'Access is denied' for LocalService

I have a Windows service that performs some network-related actions on behalf of the logged-in user who configures the service using a separate front-end UI. The UI and the Windows service communicate using a socket interface, i.e., the UI sends com...

2017-08-11 20:08 (1) Answers

Create fronting banner before logging in to SSRS

I'm looking for a way to display a banner before you have the option to logon or run any reports in SSRS. In the style of a "by continuing you agree to the following". I know custom forms authentication would be an option, but is there another method...

2017-08-11 17:08 (0) Answers

Is xmlrpc vulnerable to XXE attack?

Maybe this is off topic, but it is an important aspect for me, so I am now asking you guys: I have a website that contains the xmlrpc.php file. Is it vulnerable to the XXE attack, like if anyone can pull out all the methods by using the system...

2017-08-11 11:08 (1) Answers

PasswordVault security when used from Desktop app

I'd like to use Windows.Security.Credentials.PasswordVault in my desktop app (WPF-based) to securely store a user's password. I managed to access this Windows 10 API using this MSDN article. I did some experiments and it appears that any data writt...

2017-08-11 10:08 (1) Answers

OAuth 2 each grant type examples

What are the areas where we can use each of the grant types, e.g. the Authorization code grant we use to sign into an application using your Facebook or Google account. Where can we use other grant types, some real life examples we have already seen? ...

2017-08-11 07:08 (0) Answers

How to avoid apache content spoofing

I need to avoid content spoofing or user input injection on my based web application. Right now if I access a non-existent file or URL I'll see my custom 404 page, but if for example I access an existing file but add additional parameters like this...

2017-08-10 22:08 (0) Answers

Roles, Groups and Users

I have created a Group and added a user to that Group. The User shows as being a member of the group. (This is a Win 10 machine) When I iterate through the groups that the user is a member of, the iteration fails on the last entry (I suspect this is...

2017-08-10 20:08 (0) Answers

User account database in cansecurity

I'm creating some toy applications and I need SSO and API authorization for multiple RESTful node.js/Express applications. I discovered cansecurity can do the job. But I don't understand where the user account information resides. From the gith...

2017-08-10 20:08 (0) Answers