Control Apache’s public server information

By default, Apache displays information about itself in the server signature included with response headers and, sometimes, on auto-generated pages. This information can give away important clues, like the exact version number of a module or of Apache itself.

Obscurity never increases security, since exploits can be attempted against the service regardless. Still, exact version information and the list of running modules certainly provide a potential attacker with useful clues and ease the task.

How to exclude a subfolder from password protection with .htaccess

You sometimes need to password-protect a folder or an entire account/website from direct access. That’s easily done with the appropriate .htaccess file in the protected folder plus the mandatory .htpasswd file with the correct user and password combination(s).

But what do you do when you want to enable direct access to a subfolder of the protected folder?

Quickly limiting access to PHP scripts using .htaccess

Sometimes one needs to quickly block access to offending scripts, for instance when a site has been hacked and malicious files have been uploaded to the account and are being used to send out spam emails.

Apache provides a simple way to block visitors from accessing files. And as most intrusions involve directly accessing hacked PHP files, the bit below will do wonders at blocking out those direct calls while leaving the main site fully functional (sort of).

WordPress incorrectly loads styles, scripts via HTTPS and the solution

I’ve recently stumbled upon the weird issue of WordPress loading its styles and scripts via HTTPS although it wasn’t configured to use SSL. The website did indeed have an SSL certificate installed and usable.

I eventually found some useful information about WordPress’ is_ssl() function…