15 Ways to Increase Your WordPress’ Security


1. Don’t Display Error Messages on Failed Login

WordPress’ admin screen displays “ERROR: Invalid username.” if you enter an invalid username. But if you enter a valid username and an incorrect password, it’ll say “ERROR: Incorrect password.” This basic security flaw tells intruders which usernames to target. I don’t understand why the WordPress team designed it this way.

You can disable the error message by putting this in your theme’s functions.php:

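// Return no error text so the login form does not reveal whether the username or the password was wrong.
// A closure replaces create_function(), which was removed in PHP 8.0.
add_filter('login_errors', function ($error) { return null; });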

Hear TV Show Characters Say a Quote, Playing With Twilio


I was inspired by Rob Spectre’s Laugh-o-tron and made a telephony extension to my Twitter Bots.

Try it out. Call 646-480-6046 to talk to various TV show characters. Right now the vast majority of the quotes are spoken by a text-to-speech program because I have to find, crop, and upload audio files for each one. But McNulty from The Wire (choice #1) has a few real audio clips. Let me know how I can improve it.

8 Ways to Defend Against Brute Force SSH Attacks


I looked at my server’s auth logs today and was unsettled to find thousands of lines like these:

Feb 12 06:49:52 localhost sshd[25416]: Invalid user photo from xxx.xxx.xxx.xxx
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=some.random.domain
Feb 12 06:49:54 localhost sshd[25416]: Failed password for invalid user photo from xxx.xxx.xxx.xxx port 49608 ssh2

I was looking at someone running a brute force attack on my server trying to gain SSH access. Looking further back in the logs, I found crackers (not the derogatory term for white people but people who break security maliciously) had been attacking me for at least a month. Luckily the unsophisticated attack simply tried various username/password combinations. After common usernames like root, admin, and user were tried, the attackers used names like aaron, gary, stephanie, etc.
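A way to turn log lines like the ones above into a per-source summary, as an added example that is not part of the original post. The function name `summarize`, the threshold and window values, the default year, and the sample lines (documentation addresses, constructed) are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd "Failed password" line format shown in the log excerpt above.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def summarize(lines, year=2000, threshold=3, window=timedelta(minutes=1)):
    """Group failed SSH logins by source; flag `threshold` failures within `window`."""
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((when, m["user"], bool(m["invalid"])))
    report = {}
    for src, evs in events.items():
        evs.sort()
        times = [e[0] for e in evs]
        # Sliding window: any run of `threshold` consecutive failures close together.
        burst = any(times[i + threshold - 1] - times[i] <= window
                    for i in range(len(times) - threshold + 1))
        report[src] = {
            "failures": len(evs),
            "usernames": sorted({e[1] for e in evs}),
            "invalid_users": sum(e[2] for e in evs),  # names that do not exist locally
            "flagged": burst,
        }
    return report

# Constructed sample lines (documentation addresses, not from the original logs).
SAMPLE = """\
Feb 12 06:49:54 localhost sshd[25416]: Failed password for invalid user photo from 203.0.113.7 port 49608 ssh2
Feb 12 06:49:57 localhost sshd[25418]: Failed password for root from 203.0.113.7 port 49611 ssh2
Feb 12 06:50:01 localhost sshd[25420]: Failed password for invalid user aaron from 203.0.113.7 port 49615 ssh2
Feb 12 06:50:02 localhost sshd[25416]: Invalid user gary from 203.0.113.7
Feb 12 09:15:30 localhost sshd[25533]: Failed password for deploy from 198.51.100.20 port 50122 ssh2
Feb 12 09:16:02 localhost sshd[25533]: Accepted password for deploy from 198.51.100.20 port 50122 ssh2
""".splitlines()

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

A source that cycles through many usernames, most of them invalid, is the pattern described above; a single failure followed by a successful login from the same address is not flagged.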

Alright, time to shut these guys down. (All setting changes were made in /etc/ssh/sshd_config and on Ubuntu unless otherwise specified.)

How to Send Email With Postfix on Ubuntu via Gmail SMTP


I just set up email sending on my server by following this clear tutorial.

The tutorial walked me through setting up Postfix on an Ubuntu server and sending email via Gmail’s SMTP. I had to create a certificate, sign it, have my server communicate via some secure transport layer with Gmail using another certificate signed by some country in South Africa. I don’t understand all of it, but it works.



I just finished redesigning my site. It was a lot more work than I expected. After becoming interested in Swiss design, both philosophically and aesthetically, I was inspired by the personal websites of Rdio and Django designer Wilson Miner, former New York Times web designer Khoi Vinh, and an Argentinian designer.

The Origin of the World Wide Web


I’m reading Tim Berners-Lee’s book Weaving the Web about how he conceived of and designed the world wide web.

For a long time I never really got the distinction between the “Internet” and the “world wide web.” To me they were the same thing, and they might be for many other folks too. But in hindsight this is just a testament to how successful Berners-Lee’s creation is.

How the Internet’s Domain Name System Works


So what exactly happens when you type “davidxia.com” into your browser’s address field and hit “Enter”?

A website is simply a collection of online content ranging from text documents to images to video. All this content lives in physical machines called servers. Servers listen for incoming calls or requests from web browsers or applications and respond with the appropriate content.

Think of the Internet as having a giant Yellowpages phone book

What Do Venture Capitalists Do All Day?


I just listened to a great episode of Stanford Technology Ventures Program’s Entrepreneurship podcast. This one has Kleiner Perkins Caufield & Byers partner Dana Mead explaining what venture capitalists do as an industry, as individuals in their day to day life, and how he decides where to invest.

College Isn’t and Shouldn’t Be the Best Years of Your Life


“College will be the best four years of your life.”

If you’re a high schooler, someone’s probably told you this. If you’re an adult, you’ve probably said this to some impressionable young person. If you think this sentence is bullshit and at worst a harmful sentiment to say or hear, you’re with me.

Why an Aesthetically-pleasing Internet Is Important


I prefer to write code for the backend. The plumbing, infrastructure, functionality of a product. Backend developers want the computer to spit out all the relevant data for a page as fast as possible. Their primary concern isn’t how it looks, just that it gets there efficiently.