Author: admin

“Special characters” do not make passwords secure

All too often I’m presented with the following “rules” when setting a password for a website or service: –

Let’s make this clear now … NONE of these “properties” make a password secure. Passwords do not need to contain obscure special characters. A wonderful Password Strength article on xkcd covers this succinctly, their cartoon (that’s free to redistribute) says it all: –

Summary

Don’t be fooled by the computer – it’s trying to trick you into using passwords you cannot remember and it can easily guess. Use letters, and just make the password long. Nothing else really matters. Unfortunately too many website have fallen into the same trap and force you to use passwords you cannot remember.

21 May 2025
Gibraltar (parking at La Línea)
It’s often a lot more efficient when visiting Gibraltar from Spain to park at one of the underground car-parks in La Línea de la Concepción and then walking across the border, which is only a few hundred metres away.

The entrances to the Frontera Telepark can be found at: –
1. ///chase.pints.slams
2. ///forum.races.hotel
When entering the car-park take a ticket, which will be associated with your registration number.

Although there are a lot of spaces in the car park the spaces are very small so parking is often a challenge, especially if you have a big car.

Parking is charged by the hour or you can pre-pay, saving some money on the rate for a whole day. To pre-pay for the day (€8 at the time of writing) visit a pay machine before leaving the car-park (near the 2nd entrance at ///loser.scuba.damage). The machine’s look like this: –

You need to select the Prepaid ticket option from the display. You can select an appropriate language from the first option, which simply moves to the chosen language when you press the option. When you get to your language (English?) you will see the Prepaid ticket option: –

You are then prompted to enter your parking ticket. Do this and then select the appropriate option, a daily option should be there for €8.

When leaving the car-park you probably won’t need your ticket – the barrier should recognise your registration number, the fact you’ve already paid, and the barrier should open.
18 May 2025
My favourite plugins?
It’s early days in the life of this blog/website, I am just setting up my site after all, but here are my evolving favourite (essential?) plugins – ones that I am using now (in no particular order): –
- Jetpack (obviously?)
- Akismet Anti-spam: Spam Protection [subscription] (because I want to limit spam content)
- UpdraftPlus – Backup/Restore (because it’s simple to backup to AWS S3)
- WP 2FA – Two-factor authentication for WordPress (because I want to force every user who wants to register on my site to use 2FA)
- PublishPress Permissions is great for advanced content permissions. The Members plugin is great but it does not appear trivial to block posts completely based on role, the title is still visible. Although it might be able to do this the control is not obvious. PublishPress Permissions, for me, offers the control I need. I can add permissions for a Categories (and Tags) as well as Posts! This, for me, is important because I need ‘restricted’ Categories and Tags.
And some plugins I’m using but am unsure about at the moment: –
- WP-Optimize – Clean, Compress, Cache
10 May 2025
WP media not visible? File permissions?

In our shared hosting installation we discovered that incorrect file and directory permissions prevented our images (media) from being displayed … probably due to a mistake when transferring the initial WordPress installation from our remote client.

For shared hosting all directory permissions should typically be 0755 and files should be 0644 (except wp-config.php, which should be 440 or 400 to prevent other users on the server from reading it). You can read a discussion of this in the WordPress file permissions documentation, specifically the section on Shared Hosting with suexec

To fix the visibility problems we changed the permissions with our standard FTP client (FileZilla) to recursively set permission of directories and files. Remember that the WordPress installation consists of thousands of directories and tens-of-thousands of files, so be prepared to wait for a few minutes for the client to finish the Job.

9 May 2025
Updraft AWS S3 backup configuration
We’ve chosen to use the Updraft plugin to perform our site backups. There are about 3 million installations, and it is under active development (with mods made in the last few weeks). It also supports Amazon AWS S3. To do this we create: –
- An AWS Bucket (e.g. kaitak.org)
- An IAM User with a Policy that provides access to the bucket
There’s more than one way to access an Amazon S3 bucket as a backup destination but we created an AWS IAM User, a custom (JSON) Policy, and an Access Key with a use case that’s “Application running outside AWS“.

Our Policy, which limits the user to just our bucket, looks like this: –
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::kaitak.org",
                "arn:aws:s3:::kaitak.org/*"
            ]
        }
    ]
}
```
With the bucket created, and a User and Policy assigned, we simply have to provide the bucket and access key information in the Updraft Amazon S3 backup configuration, where the following fields need to be set: –
- Amazon S3 access key (you AWS access key’s access key)
- Amazon S3 secret key (your AWS access key’s secret key)
- Amazon S3 location (e.g. kaitak.org)
If all goes well, when you press the Updraft Test Amazon S3 Settings button you’ll see a Success message!
8 May 2025
The site’s under construction!

We are just getting started here so it may be some time before you see anything of real interest. For now we’re experimenting with WordPress to see if it does everything we need. Your patience is appreciated, thank you.

8 May 2025