Hardening drebbits.com

Apache to Nginx An Attempt

HTTP2

Since I am in an upgrading :allthethings: mood, I decided to also use the latest technology in the HTTP world. I stumbled onto this guide by deliciousbrain plus other guides for hosting WordPress yourself.

White screen of Death

To enable http2, I needed to upgrade nginx. After upgrading from 1.6.x to 1.10.x, I was greeted with a white screen of death in my WordPress install. Here’s what fixed it:

    location ~ \.php$ {
        include /path/to/fastcgi_params;
        fastcgi_pass;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }

[…]

Purge Varnish Cache on Save

In case someone out there is trying to figure out how to purge the varnish (3.x) cache in a WordPress site when updating a post/page — I’ve dealt with it this week and it’s pretty easy to accomplish. Now that we’re talking about purging the cache, I presume you have varnish configured and all your setup works. To start off, if there’s no definition of purging in your vcl file, you might want to add one — https://www.varnish-cache.org/docs/3.0/tutorial/purging.html. Remember to run sudo service varnish restart after modifying the file so the changes will take effect. Now […]

Golden `--no-ff` rule

There’s a huge difference between merging master into feature and merging feature into master. So please, for those who are starting to learn git: don’t ever make the mistake I made. Don’t disregard the use of --no-ff. In my case, I didn’t disregard it completely, though. I missed adding the flag as I ran git in the terminal. One easy way to never have to type it again, and never run the risk of missing it, is to update your global git config: […]


Following the guide How To Downgrade Droplets, I have successfully downgraded my server in Digital Ocean. As with every other guide, the scenario is almost never exactly the same, so I did my part of researching to resolve issues that have arisen along the way. I’d like to note important things tailored to my needs that the guide never mentioned. Export the database manually. The guide only covers copying of the files, not the database. When you have the exported file, use it […]

Sanitize Multidimensional Input Field

Since an input can accept a multidimensional reference such as name="foo[bar]" or name="foo[bar][inside]", you should recursively sanitize/escape the values of the multidimensional array from the POST action. With WordPress’s sanitize_text_field, here’s a gist:

    function sanitize_array( &$array ) {
        foreach ( $array as &$value ) {
            if ( ! is_array( $value ) )
                // sanitize if value is not an array
                $value = sanitize_text_field( $value );
            else
                // go inside this function again
                $this->sanitize_array( $value );
        }
        return $array;
    }

Here’s a sample usage:

    // Var
    $arrayName = array('foo' => 'Hello to the', 'bar' => array('var1' => '<strong>Bold</strong>', […]