All posts by frank

Adding Strict Transport Security Response Header in IIS

Make sure the web.config file in the root directory of your website is not set to read only on the properties page for that file.

Open Internet Information Services Manger.  Select the website where you want to add this Strict-Transport-Security response header.  Double click and select the Icon for HTTP Response Headers.

In HTTP Response Headers window, click on Add… on the right pane and type in Strict-Transport-Security for Name and max-age=63072000; includeSubDomains; preload for Value and click OK. The max-age value 63072000 is the number of seconds for the duration of two years. You need to enter a value of at least one year.

Source URL for this information:

https://www.itnota.com/setup-http-strict-transport-security-hsts-iis/

Disable xmlrpc.php in WordPress

See: https://www.hostinger.com/tutorials/xmlrpc-wordpress

What Is Xmlrpc.php in WordPress and Why You Should Disable It

Simply navigate to the Plugins › Add New section from within your WordPress dashboard. Search for Disable XML-RPC and install the plugin .

If you’d want to only turn certain elements of XML-RPC off, but still allow certain plugins and features to work, then use the following plugins instead:

  • Stop XML-RPC Attack. This plugin will stop all XML-RPC attacks, but it’ll continue to allow plugins like Jetpack, and other automatic tools and plugins to retain access to the xmlrpc.php file.
  • Control XML-RPC Publishing. This allows you to retain control and use over the remote publishing option afforded by xmlrpc.php.