Remove iThemes Security Lockouts Script

I decided to create a command line PHP script that would list the current iThemes Security Logs and also allow you to remove them based on IP Address. Here is the script which I’ve called “ithemes-clearip.php” and it’s Github link, its dirty and really was made in like 15 minutes.

https://github.com/jordantrizz/wordpress-scripts

<?
// List and remove iThemes Security Log entries based on IP Address
// Options
$shortopts ="d:";
$shortopts .="l";
$options = getopt($shortopts);
//Database Connect
require_once("wp-config.php");
$link = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$database_name = DB_NAME;
if ($conn->connect_error) {
  die("Cant connect to database using wp-config.php details - Connection failed: " . $conn->connect_error);
}
if(!$options) {
  print "There was a problem reading in the options.\n\n";
  exit(1);
}
if(array_key_exists("d",$options)) {
  $ip = $options["d"];
  if(filter_var($ip, FILTER_VALIDATE_IP)){
    echo "Deleting all entries for IP Address ". $options["d"] ." in $database_name\n\n";
    $sql="delete from ".$database_name.".wp_itsec_log where log_host = \"".$ip."\"\n\n";
    echo $sql;
    if($link->query($sql) === TRUE) {
      echo "Deleted ". mysqli_affected_rows($link)." rows\n\n";
    } else {
      echo "Error deleting record: " . $conn->error;
    }
  } else {
    print "You didn't specify a correct IP Address.\n\n";
    exit(1);
  }
} elseif(empty($options["l"])) {
  $sql = 'SELECT log_host,log_date from wp_itsec_log';
  $result = $link->query($sql) or die(mysql_error());
  if (!$result) {
    print 'Could not run query: ' . mysql_error();
    exit;
  }
  print "\nLog Host\tLog Date";
  print "\n-----------------------------------";
  while($row = mysqli_fetch_row($result)) {
    print "\n".$row['0']."\t".$row['1'];
  }
  print "\n";
  mysqli_close($link);
}
?>

 

 

Microsoft IIS 7.5 Best Practices

I thought everyone should take a look at this quick Micrsoft IIS 7.5 Best Practices article, it talks a little bit about security but mostly just what not to leave on was default. If you have any other sites or information you want to share, please comment!

http://adminspeak.wordpress.com/tag/iis-7-5-best-practices/

WordPress and Protecting Directories with .htaccess

You’ll find sometime that when you deploy WordPress in order for permalinks to work correctly you need a proper .htaccess file. This .htaccess also affects anything else you place within your web root when WordPress lives.

For instance if you need to password protect a directory within the your webroot where WordPress lives. You’ll find that when you do so, and try to visit that folder in a web browser that a 404 WordPress page will be displayed. To fix this, you simply need to add the following to your main .htaccess file that has your WordPress rules.

ErrorDocument 401 default

This should then allow you to use your password protected directories as you normally would if you didn’t have WordPress installed.

Source: http://www.andrewrollins.com/2008/01/22/wordpress-and-htaccess-password-protected-directories/