When you go to the Dashboard of your WordPress site, WordPress checks whether your browser is up-to-date, and displays a notice if it is not. However, the browser check is performed by an external site. WP sends such data as: visitor’s user agent string, WordPress version, and the URL of the blog (and, implicitly, its IP address). Unfortunately, there is no way to opt out of that in the Dashboard. Luckily, there is a solution.
By default, WordPress allows an unauthenticated user to view the list of the registered users with the help of the REST API. But, for example, to view the list of the users in the Dashboard, the user needs to have `list_users` capability (that is, be an Administrator). While the REST API does not expose sensitive information (such as emails) to unauthenticated users, it may be desirable to restrict `users` endpoint form unauthenticated users.
We live in a world where data is an incredibly valuable currency, and you are always at risk of loss. Because of this, you must do everything you can to ensure what you hold on your desktops and servers is safe. If you are looking to lock down your Linux servers and desktops as tight as possible, you should consider to make use of two-factor authentication. This article explains how to configure two factor authentication using pam_u2f.
Add this to proftpd.conf and restart proftpd:
A CORS proxy is a service that allows sites to access resources from other websites, without having to own that website in case when no `Access-Control-Allow-Origin` header is present on the requested resource. This article shows how to create one with the help of nginx and without writing a single line of code.