ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to Secure a Website at Home

    Scheduled Pinned Locked Moved Water Closet
    58 Posts 8 Posters 5.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch @scottalanmiller
      last edited by

      @scottalanmiller said in How to Secure a Website at Home:

      If he wasn't on WordPress, he could host for FREE with GitLab, CloudFlare or several other free enterprise hosts.

      GitLab Pages is where my poor under populated blog resides.

      hobbit666H 1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates @1337
        last edited by stacksofplates

        @pete-s said in How to Secure a Website at Home:

        @stacksofplates said in How to Secure a Website at Home:

        @stacksofplates said in How to Secure a Website at Home:

        You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

        Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

        Kong has an open source plugin for oidc.

        They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

        You could do that on wordpress directly too I believe.

        This blocks you before you even hit that though, so you don't need to worry about vulnerabilities in WordPress. Then just pass the JWT through to WP.

        1 1 Reply Last reply Reply Quote 0
        • 1
          1337 @stacksofplates
          last edited by 1337

          @stacksofplates said in How to Secure a Website at Home:

          @pete-s said in How to Secure a Website at Home:

          @stacksofplates said in How to Secure a Website at Home:

          @stacksofplates said in How to Secure a Website at Home:

          You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

          Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

          Kong has an open source plugin for oidc.

          They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

          You could do that on wordpress directly too I believe.

          This blocks you before you even hit that though, so you don't need to worry about vulnerabilities in WordPress. Then just pass the JWT through to WP.

          True, but you can authenticate directly on apache too - before wordpress is involved. Apache can do both oidc and saml. Nginx can only do oidc afaik.

          stacksofplatesS 1 Reply Last reply Reply Quote 0
          • stacksofplatesS
            stacksofplates @1337
            last edited by

            @pete-s said in How to Secure a Website at Home:

            @stacksofplates said in How to Secure a Website at Home:

            @pete-s said in How to Secure a Website at Home:

            @stacksofplates said in How to Secure a Website at Home:

            @stacksofplates said in How to Secure a Website at Home:

            You could just put an API gateway in front. They are usually easier to configure for auth than a reverse proxy.

            Krakend is just a json config: https://www.krakend.io/docs/authorization/client-credentials/

            Kong has an open source plugin for oidc.

            They're both easy to configure. Then you could just limit logins by Google account or whatever through something like Auth0.

            You could do that on wordpress directly too I believe.

            This blocks you before you even hit that though, so you don't need to worry about vulnerabilities in WordPress. Then just pass the JWT through to WP.

            True, but you can authenticate directly on apache too - before wordpress is involved. Apache can do both oidc and saml. Nginx can only do oidc afaik.

            Only nginx plus can do oidc. Apache can but it's more difficult which is why I mentioned the gateways. It's much easier to configure auth and things like rate limiting with an API gateway.

            stacksofplatesS 1 Reply Last reply Reply Quote 0
            • stacksofplatesS
              stacksofplates @stacksofplates
              last edited by

              The reverse proxy aspect only really adds benefit when you need to load balance across multiple services.

              1 Reply Last reply Reply Quote 0
              • hobbit666H
                hobbit666 @JaredBusch
                last edited by

                @jaredbusch said in How to Secure a Website at Home:

                @scottalanmiller said in How to Secure a Website at Home:

                If he wasn't on WordPress, he could host for FREE with GitLab, CloudFlare or several other free enterprise hosts.

                GitLab Pages is where my poor under populated blog resides.

                I'll give gitlab a go 😁

                1 Reply Last reply Reply Quote 0
                • hobbit666H
                  hobbit666 @1337
                  last edited by

                  @pete-s said in How to Secure a Website at Home:

                  I think it would be easier to just setup a $5/month vultr instance. From what you say, there is no real reason why it has to be hosted at home.

                  But that will cost me 😁 this is only to host a few static pages.

                  ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @hobbit666
                    last edited by

                    @hobbit666 said in How to Secure a Website at Home:

                    @pete-s said in How to Secure a Website at Home:

                    I think it would be easier to just setup a $5/month vultr instance. From what you say, there is no real reason why it has to be hosted at home.

                    But that will cost me 😁 this is only to host a few static pages.

                    You can do that for free at Gitlab, GitHub, AWS, Azure, GCP, etc...

                    Why wast time and resources doing it at home?

                    hobbit666H 1 Reply Last reply Reply Quote 0
                    • hobbit666H
                      hobbit666 @Obsolesce
                      last edited by

                      @obsolesce said in How to Secure a Website at Home:

                      You can do that for free at Gitlab, GitHub, AWS, Azure, GCP, etc...

                      Why wast time and resources doing it at home?

                      I tried WordPress free hosting, but to use plugins you have to pay 😢

                      Never heard of Gitlab before until Jared mentioned it. AWS / Azure wasn't aware of any free teirs after trial periods have finished, but will look closer see what I can find.

                      stacksofplatesS ObsolesceO 2 Replies Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @hobbit666
                        last edited by

                        @hobbit666 said in How to Secure a Website at Home:

                        @obsolesce said in How to Secure a Website at Home:

                        You can do that for free at Gitlab, GitHub, AWS, Azure, GCP, etc...

                        Why wast time and resources doing it at home?

                        I tried WordPress free hosting, but to use plugins you have to pay 😢

                        Never heard of Gitlab before until Jared mentioned it. AWS / Azure wasn't aware of any free teirs after trial periods have finished, but will look closer see what I can find.

                        GCP has an always free tier. GitLab pages and GitHub pages will host static sites for free.

                        I have my wife's business site on gitlab pages and I have a static site for documentation for an API I wrote on GitHub pages and I have a project I wrote on Vercel. Vercel is by far the most featureful and IMO better than the others. It will host the static sites and server less functions.

                        They work really well.

                        1 Reply Last reply Reply Quote 1
                        • ObsolesceO
                          Obsolesce @hobbit666
                          last edited by

                          @hobbit666 said in How to Secure a Website at Home:

                          @obsolesce said in How to Secure a Website at Home:

                          You can do that for free at Gitlab, GitHub, AWS, Azure, GCP, etc...

                          Why wast time and resources doing it at home?

                          I tried WordPress free hosting, but to use plugins you have to pay 😢

                          Never heard of Gitlab before until Jared mentioned it. AWS / Azure wasn't aware of any free teirs after trial periods have finished, but will look closer see what I can find.

                          We'll technically it might cost you $0.02 a month to host a static site on Azure/AWS. It costs me $0.01 a month for my static site on Azure because the storage costs. But it's totally free on the others I mentioned.

                          hobbit666H 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @hobbit666
                            last edited by

                            @hobbit666 said in How to Secure a Website at Home:

                            @pete-s said in How to Secure a Website at Home:

                            I think it would be easier to just setup a $5/month vultr instance. From what you say, there is no real reason why it has to be hosted at home.

                            But that will cost me 😁 this is only to host a few static pages.

                            If the pages are static how did WordPress get involved?

                            JaredBuschJ hobbit666H 2 Replies Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @scottalanmiller
                              last edited by

                              @scottalanmiller said in How to Secure a Website at Home:

                              If the pages are static how did WordPress get involved?

                              Because User

                              hobbit666H 1 Reply Last reply Reply Quote 1
                              • hobbit666H
                                hobbit666 @JaredBusch
                                last edited by

                                @jaredbusch said in How to Secure a Website at Home:

                                @scottalanmiller said in How to Secure a Website at Home:

                                If the pages are static how did WordPress get involved?

                                Because User

                                ^^this 😁

                                1 Reply Last reply Reply Quote 0
                                • hobbit666H
                                  hobbit666 @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in How to Secure a Website at Home:

                                  If the pages are static how did WordPress get involved?

                                  Although they are static pages I wanted to use a light box type Plug-in so I can use larger images but display as thumbnails. Just thought a easy with WordPress and that's was the first thing I thought of.

                                  But was happy to install anything

                                  (Before its mentioned, yes you can most probably do it all with just HTML/PHP but my coding knowledge is zero now a day)

                                  1 Reply Last reply Reply Quote 0
                                  • hobbit666H
                                    hobbit666 @Obsolesce
                                    last edited by

                                    @obsolesce said in How to Secure a Website at Home:

                                    We'll technically it might cost you $0.02 a month to host a static site on Azure/AWS. It costs me $0.01 a month for my static site on Azure because the storage costs. But it's totally free on the others I mentioned.

                                    OK that should a lot better 😁 will have to look more into their offerings, I just assumed pricing was a bit hight then that. Like Vultr etc etc

                                    ObsolesceO 1 Reply Last reply Reply Quote 0
                                    • ObsolesceO
                                      Obsolesce @hobbit666
                                      last edited by

                                      @hobbit666 said in How to Secure a Website at Home:

                                      @obsolesce said in How to Secure a Website at Home:

                                      We'll technically it might cost you $0.02 a month to host a static site on Azure/AWS. It costs me $0.01 a month for my static site on Azure because the storage costs. But it's totally free on the others I mentioned.

                                      OK that should a lot better 😁 will have to look more into their offerings, I just assumed pricing was a bit hight then that. Like Vultr etc etc

                                      I thought static as in literally static html pages. If you are talking about WordPress and PHP pages, that won't work on anything I mentioned, unless you have something running somewhere else that converts them to static HTML pages and pushes them to there.

                                      hobbit666H 1 Reply Last reply Reply Quote 0
                                      • hobbit666H
                                        hobbit666 @Obsolesce
                                        last edited by

                                        @obsolesce said in How to Secure a Website at Home:

                                        I thought static as in literally static html pages. If you are talking about WordPress and PHP pages, that won't work on anything I mentioned, unless you have something running somewhere else that converts them to static HTML pages and pushes them to there.

                                        It was going to be static but wanted to upload larger images but not have them taking up the page, and just clicking to enlarge for full view. Hence thinking a CMS with light box.
                                        But happy if there's a simple was to do it with just HTML and PHP 😁😁😁😁

                                        As I mentioned my coding skills were lost 20+ years ago 😁😁

                                        stacksofplatesS scottalanmillerS 3 Replies Last reply Reply Quote 0
                                        • stacksofplatesS
                                          stacksofplates @hobbit666
                                          last edited by

                                          @hobbit666 said in How to Secure a Website at Home:

                                          @obsolesce said in How to Secure a Website at Home:

                                          I thought static as in literally static html pages. If you are talking about WordPress and PHP pages, that won't work on anything I mentioned, unless you have something running somewhere else that converts them to static HTML pages and pushes them to there.

                                          It was going to be static but wanted to upload larger images but not have them taking up the page, and just clicking to enlarge for full view. Hence thinking a CMS with light box.
                                          But happy if there's a simple was to do it with just HTML and PHP 😁😁😁😁

                                          As I mentioned my coding skills were lost 20+ years ago 😁😁

                                          The image enlarging would most likely be JavaScript. Just use a theme with Hugo or some other store generator that ha a gallery display that you want.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 2
                                          • scottalanmillerS
                                            scottalanmiller @hobbit666
                                            last edited by

                                            @hobbit666 said in How to Secure a Website at Home:

                                            It was going to be static but wanted to upload larger images but not have them taking up the page, and just clicking to enlarge for full view. Hence thinking a CMS with light box

                                            That's one tool for that, but there are other ways. You certainly don't need a PHP platform, CMS, and a database for that.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 2 / 3
                                            • First post
                                              Last post