He recommends to protect your wp-admin area using the Apache .htaccess file. Here in detail access is only allowed from IP addresses from where you are logging in. It’s definitely a good way to protect you blog, but often people don’t have a fixed IP address. The DSL provider assigns a different IP address on every dial in. Unfortunately there is no easy way to obtain the network addresses of your DSL provider which can be entered in your .htaccess file.

Another important recommendation: Always keep your server software and WordPress software up to date!

Also remove the following line from your header.php which will show hackers your WordPress version:

<meta name=”generator” content=”WordPress <?php bloginfo(’version’); ?>” /> <!-– leave this for stats please -->

So let’s concentrate on the restricted access in the wp-admin area. It’s a little bit tricky to get the address list of your DSL provider. I’ll explain and show an example script below. First let’s have a look at the video from Matt Cutts.

As step one you have to find out your own IP address. Let’s assume your IP address assigned from your provider is 213.168.95.20 (this is just an example!). Next do a whois lookup:

server:~# whois 213.168.95.20
...
inetnum:        213.168.95.0 - 213.168.98.255
netname:        NC-DIAL-IN-POOL

Have a look at the netname NC-DIAL-IN-POOL. Usually provider assign  a common name for all DSL dynamic address. But we want to add all IP addresses or better all network ranges into our .htaccess file. Ok now we need to get all address ranges with this netname. This can be achieved using the Linux whois tool:

server:~# whois -h whois.ripe.net NC-DIAL-IN-POOL
...
inetnum:        194.8.209.0 - 194.8.209.255
...
inetnum:        194.8.205.0 - 194.8.205.255
...

Fine we get a list with all network ranges from our provider now, but still not the correct netmask format and a lot of other output which we don’t need. Basically it’s possible to manually generate the .htaccess file now. Not big fun… So I’ve created a small perl script which does the job. As small bonus it creates the needed format for .htaccess file which means you are able to directly add the output to your .htaccess file in the wp-admin folder.

Important: Before usage you have to add the netname of the dial-in pool of your provider. How to find it out is described above. Below is only an example. The output will look like:

server:~# ./gethtaccessranges.sh
allow from 194.8.209.0/24
allow from 194.8.205.0/24
allow from 195.14.226.0/24

Finally generate a .htaccess file in your wp-admin/ folder with the content:

order deny,allow
deny from all

and add the output of the script gethtaccessranges.sh below the two lines. That’s it! Now access to wp-admin is only allowed from dynamic IP address from your provider. Sure it’s not the perfect solution but I’ll prevent you from many other hack attempts from all over the world.

At the end of the script there is also an example in case providers use number in their netnames.

#!/usr/bin/perl -w
# gethtaccessranges.sh
# Harald Kraemer 08.08.2010
# www.technnitip.net
#
# NET::CIDR and NET::Whois is need to run this script.
# On debian you can install using apt-get:
# apt-get install libnet-cidr-perl libnet-whois-perl
#
# Important: Replace the netname "NC-DIAL-IN-POOL" at the end of the
# script with the dial-in netname of your provider! Use the command
# whois <my-ip-address> to find out the netname.

use Net::CIDR;
use Net::CIDR ':all';
use Net::Whois::Raw;
use strict;

sub getRanges
{
  my($netname) = @_;
  my $whois;
  my @whois_array;
  my @ranges;

  $whois = whois( $netname, 'whois.ripe.net' );

  @whois_array   = split( "\n", $whois );
  @ranges        = grep( /inetnum:/, @whois_array );

  foreach ( @ranges )
  {
    s/inetnum://g;
    s/ //g;
    s/ - /-/g;

    foreach my $item ( Net::CIDR::range2cidr( $_ ) )
    {
      print "allow from " . $item . "\n";
    }
  }
}

getRanges('NC-DIAL-IN-POOL');

#for( my $i=1; $i <= 30; $i++)
#{
#  getRanges('DTAG-DIAL' . $i);
#}

Doing a backup of a virtual machine can be done using a single command line call:

vcbMounter -a name:"Virtual-Machine-1" -r "/path/to/backup/Virtual-Machine-1"

Ok, your vm named “Virtual-Machine-1″ will now be backuped to the given path. The directory is generated from vcbMounter. The next time you will run vcbMounter it will complain that the directory already exists, so you will have to delete the directory every time before you start the backup:

rm -rf "/path/to/backup/Virtual-Machine-1"
vcbMounter -a name:"Virtual-Machine-1" -r "/path/to/backup/Virtual-Machine-1"

But there is another problem which will cause vcbMounter to complain: For every backup vcbMounter generates a snapshot and will not remove it after backup. What we need is to delete the snapshot before we backup:

vmware-cmd "/vmfs/volumes/storage1/Virtual-Machine-1.vmx" removesnapshots

rm -rf "/path/to/backup/Virtual-Machine-1"

vcbMounter -a name:"Virtual-Machine-1" -r "/path/to/backup/Virtual-Machine-1"

We delete the snapshots for a given virtual machine using “vmware-cmd” and removesnapshots. vmware-cmd needs the path to your .vmx file of the virtual machine. It’s usually stored in /vmfs/volumes/…

vcbMounter does not expect the path to the .vmx. It only needs the name of your virtual machine.

Doing the backup on a NFS mount is also possible. You need to deactive the VMWare ESX firewall and can mount e.g. using “mount -t smbfs”.

Working with MySQL version 5.0.32 and PHP version 5.2.0 on Debian Etch.

Script is designed to run from command line “php optimize.php” maybe from a cron job. Be careful: avoid running this script during your server “rush hour”, it may slow down your server.

<?php
/***********************************************************
 optimimze.php - optimizes all databases and tables of the
                 given mysql host.

 2008 - technitip.net
 ***********************************************************/

$mysqlhost = "localhost"; // enter MySQL host
$mysqluser = "user";      // enter MySQL user
$mysqlpwd  = "password";  // enter password

###########################################

$connection = mysql_connect($mysqlhost, $mysqluser, $mysqlpwd);
if (mysql_error())
{
  echo "Could not connect to database server! " . mysql_error() . "\n";
  exit;
}

$db_list = mysql_list_dbs();
$i = 0;
$cnt = mysql_num_rows($db_list);

while ($i < $cnt)
{
  $db = mysql_db_name($db_list, $i);
  ###########################################
  mysql_select_db($db, $connection);
  $result = mysql_list_tables($db);

  while ($row = mysql_fetch_row($result))
  {
    if ( $db == "information_schema" )
      continue;

    echo $db . " : `" . $row[0] . "`";

    $sql = "OPTIMIZE TABLE `".$row[0]."`";
    $erg = mysql_query($sql, $connection) or die(mysql_error());
    $data= mysql_fetch_array($erg, MYSQL_ASSOC);

    if($data)
    {
      echo " - " . $data['Msg_text'] . "\n";
    }
  }
  ###########################################
  $i++;
}

?>

This script is intended to be called periodically (e.g. every day) from cron:

2 2       * * *   root /root/scripts/mysql_backup.sh

#/bin/sh
now=`date "+%Y-%m-%d"`
user="mysql_user"
password="mysql_password"
path="/home/backup/"

cd $path

mysqldump -u $user -p$password  --all-databases | gzip -c > backup_all_$now.sql.gz

# delete files older than 3 days
find . -name "*.gz" -type f -mtime +3 -exec rm {} ";"