Monthly Archives: October 2023

nginx proxy timeout

*1751 upstream timed out (110: Connection timed out) while reading response header from upstream

(as seen in the nginx error log)

In the location block that contains your proxy_pass (for example location /proxed/ { ... }), add the following timeouts (values are in seconds):

proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;

wp_wfConfig too large

While debugging some bottlenecks in one of my servers…

I've realised that one of the DB queries to the Wordfence tables was causing it.

The solution was to uninstall Wordfence (to clean all of its tables) and reinstall it.

After removing it at 23:30, CPU usage and load average were significantly reduced.

Remove prices from WooCommerce

We can simply use a plugin for it. YITH WooCommerce Catalog Mode can do the work.

However, this might not be enough if you also want to remove prices from Google results.

Add the following to the functions.php of your theme:

add_filter( 'woocommerce_structured_data_product_offer', '__return_empty_array' );

Test your page results according to Google at
https://search.google.com/test/rich-results?hl=pt-br

Google Support – About sale price annotations
https://support.google.com/merchants/answer/9017019?hl=en&sjid=11620160989609311719-EU

Google Merchant Center
https://www.google.com/retail/solutions/merchant-center/

Web Application Security Checklist by probely

The checklist

General security

  •  I use prepared statements in SQL queries
  •  I do not concatenate any other input data to SQL queries other than the bound parameters
  •  I validate all input data server-side
  •  I encode all input data before sending the response to the browser
  •  I have disabled directory listing in the web server
  •  I include a CSRF token in requests that change state (or I use the SameSite cookie attribute for the session cookie)
  •  I do not show errors with stack traces, source code, full paths or any other internal data.
  •  I verify the content type of uploaded files and delete the bad ones
  •  If I handle XML files, I disabled external entity and DTD processing
  •  I use HTTPS and I send the Strict-Transport-Security header
  •  I only accept TLS 1.2 or higher
  •  I set the Secure, HttpOnly and SameSite=lax attributes in session cookies
  •  I set the Secure attribute in all other cookies, and if possible HttpOnly also
  •  All 3rd-party JavaScript libraries that my app uses are updated to the latest version

If I have a login feature and cannot use an already existent service:
  •  I store passwords using a strong cryptographic function (scrypt, argon2, bcrypt, or PBKDF2)
  •  I ask for the current password to set a new password, email or any other information used in the password reset process
  •  I only accept passwords longer than 12 chars and reject common passwords (top 1000)
  •  I support multi-factor authentication
  •  I limit the number of attempts to endpoints such as login, password reset and 2FA validation
  •  I use the language libraries to create and validate JSON Web Tokens (JWT)
  •  I destroy the session server-side and invalidate the matching JSON Web Token (JWT) when the user logs out
  •  I destroy the password reset token after it is used and after a pre-defined time

Checklist version 1.1
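As an added example (not part of the Probely checklist or its repository), a small audit of an HTTP response against the cookie and HSTS items above: Strict-Transport-Security present, Secure on every cookie, HttpOnly and SameSite=Lax/Strict on session cookies, HttpOnly recommended elsewhere. The set of session cookie names and the sample headers are assumptions constructed for the demo.

```python
# Session cookie names treated as "session cookies" by the audit (assumed list).
SESSION_COOKIE_NAMES = {"sessionid", "phpsessid", "jsessionid", "session"}


def parse_set_cookie(header_value):
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: value_or_True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        elif part:
            attrs[part.lower()] = True
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs as received. Returns a list of findings."""
    findings = []
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("missing Strict-Transport-Security header")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        is_session = name.lower() in SESSION_COOKIE_NAMES
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
        if "httponly" not in attrs:
            suffix = "" if is_session else " (recommended)"
            findings.append(f"cookie {name}: missing HttpOnly{suffix}")
        if is_session:
            samesite = attrs.get("samesite")
            if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
                findings.append(f"session cookie {name}: SameSite should be Lax or Strict")
    return findings


# Constructed sample response: the session cookie lacks Secure and SameSite,
# the theme cookie lacks HttpOnly, and there is no HSTS header.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS):
        print(finding)
```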

Read more at

https://github.com/Probely/security_checklist

https://www.probely.com