Protect Your WordPress Site from Bad Bots for Free with Defender’s User Agent Banning

Learn how to protect your site from bad bots while allowing visits from safe user agents with our all-in-one WordPress security plugin Defender.

Your website’s security is under threat 24/7, whether it’s from a serious DDoS attack, XSS attack, SQL injections, or just annoying spam. Defender’s User Agent Banning not only offers your WordPress site robust protection against requests from bad user agents at the server level, it also helps to free up server resources for all your good traffic.

And it’s all available at no cost (get it for free at wordpress.org).

Defender comes to the party with User Agent Banning.

Let’s dive in…

What Is a User Agent?

Let’s start with this definition from Wikipedia…

A user agent is any software, acting on behalf of a user, which retrieves, renders and facilitates end-user interaction with Web content.

Network servers, email clients, search engines, and web browsers are all examples of user agents.

Essentially, a user agent is a “string” (i.e. a line of text) that identifies a client to a server. In other words, it’s a way of saying “Hello! This is who I am” to a web server.

A web browser, for example, includes a User-Agent field in its HTTP header identifying the browser and operating system to the web server (e.g. Chrome Browser Version 94.0.4606.61 on Windows 10).

The user agent string format for web browsers reads as follows:

Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]

This allows each web browser to have its own, distinctive user agent and the contents of the user agent field can vary from browser to browser.

When I looked up my web browser’s user agent, for example, I got the following:

My web browser’s user agent. (Source: whatismybrowser.com)

This information is useful to a web server, because it allows the web server to serve different web pages to different web browsers and different operating systems (e.g. send mobile pages to mobile web browsers, show different pages to different platforms or operating systems, and even display “please upgrade your browser” messages to older web browsers).

Good Bots vs Bad Bots

Most website owners want their content to be found on the web, especially by search engines like Google.

Google automatically discovers and scans websites by following links from one webpage to another employing user agents called “crawlers”. Google’s main crawler, for example, is called Googlebot.

Most website owners, therefore, would consider Googlebot to be a “good bot” and welcome having this user agent visit their website via their web server.

Not all user agents, however, are good guys.

Unwanted visitors like spammers, scrapers, email harvesters, and malicious bots can also make use of user agents to threaten the security of your information and your website.

For example…

Example of Cross Site Scripting (XSS) attack

The User-Agent value is supplied by the client, so it can be modified to carry malicious JavaScript code:

User-Agent: Mozilla/5.0 <script>alert('XSS Example');</script><!--

Here is the problem:

  1. A server will trust the user agent name and store the above string (e.g. in a web analytics tool).
  2. A real user (e.g. an admin) then accesses the tool storing the string.
  3. When the page with the logs containing the string is opened, the browser will then parse all listed user agents and execute the script. This script can be a simple redirect, or a spammy pop-up.

Defender’s User Agent Banning protects against the XSS attack from security headers by stopping the page from loading when such a User Agent name is detected.

Example of SQL injections

This is similar to the above. A User Agent name can contain SQL syntax, for example, a single quote '.

If the server doesn’t have a high level of protection, it can cause an error, where an attacker can then start experimenting and executing SQL queries.
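Whatever blocking sits in front of the site, the code that records the header still has to treat it as untrusted data. The following is an added example (not from the original article and not Defender's code; the table, function names and sample values are assumptions) that covers both cases above: it stores the header with a parameterized query and escapes it when the log page is rendered, next to the unsafe versions for comparison.

```python
import html
import sqlite3

# Constructed sample headers: the article's script-carrying value and one
# that contains a single quote.
XSS_UA = "Mozilla/5.0 <script>alert('XSS Example');</script><!--"
QUOTE_UA = "Mozilla/5.0 (compatible; O'Bot/1.0)"


def open_log_db():
    """In-memory stand-in for a visit log table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT, user_agent TEXT)"
    )
    return db


def record_visit_unsafe(db, ip, user_agent):
    """'Before': the header is spliced into the SQL text."""
    db.execute(
        f"INSERT INTO visits (ip, user_agent) VALUES ('{ip}', '{user_agent}')"
    )


def record_visit(db, ip, user_agent):
    """'After': placeholders keep the header as data, never as SQL syntax."""
    db.execute(
        "INSERT INTO visits (ip, user_agent) VALUES (?, ?)", (ip, user_agent)
    )


def unsafe_insert_breaks(db, user_agent):
    """True if the string-built INSERT raises an SQL error for this value."""
    try:
        record_visit_unsafe(db, "203.0.113.7", user_agent)
    except sqlite3.Error:
        return True
    return False


def _rows(db):
    return db.execute("SELECT ip, user_agent FROM visits ORDER BY id")


def render_rows_unsafe(db):
    """'Before': stored values are written into the admin page as-is."""
    return "".join(
        f"<tr><td>{ip}</td><td>{ua}</td></tr>" for ip, ua in _rows(db)
    )


def render_rows_safe(db):
    """'After': every stored value is HTML-escaped at output time."""
    return "".join(
        "<tr><td>{}</td><td>{}</td></tr>".format(
            html.escape(ip, quote=True), html.escape(ua, quote=True)
        )
        for ip, ua in _rows(db)
    )


if __name__ == "__main__":
    db = open_log_db()
    record_visit(db, "203.0.113.7", XSS_UA)
    record_visit(db, "203.0.113.8", QUOTE_UA)
    print("string-built INSERT errors on quote:",
          unsafe_insert_breaks(open_log_db(), QUOTE_UA))
    print("unsafe page:", render_rows_unsafe(db))
    print("safe page:  ", render_rows_safe(db))
```
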

So, how can you let the good bots in and prevent the bad bots from visiting your site?

This is where Defender comes to the rescue.

How To Set Up Defender’s User Agent Banning

Defender’s User Agent Banning feature lets you specify which user agents you will and will not allow to visit your site.

To access and enable this feature, log into your site and go to Defender > Firewall

Access Defender’s User Agent Banning from the Firewall menu.

Click the button to activate the feature…

Activate Defender’s User Agent Banning feature.

You can permanently ban malicious bots and bad user agents from accessing your site by entering these into the Blocklist field (one per line). Defender includes some common bad bots in the Blocklist by default. You can add more bad bots to the list by searching online for “bad user agent block lists”.

Ban user agents by adding them to the Blocklist.

Conversely, you can add good bots and user agents to the Allowlist field to allow them permanent access to your site. Defender includes a number of legitimate bots and user agents to this list by default.

Allow good bots permanent access to your site using the Allowlist.

Note: If you add the same user agent or bot to both fields, the Allowlist will override the Blocklist.

The Message section lets you customize and preview the message that will display on your site to blocked users throughout the lockout period.

Add a custom message to blocked users.

Bots are identified by their IP address and HTTP Header User-Agent. If the HTTP Header User-Agent is missing, this should be regarded as an unusual and suspicious red flag. Often, these come with an SQL injection. In this case, the best option is to block their IP address.

You can block any IP addresses that send POST requests with empty referer and user agent headers in the Empty Headers section. (Note: the word referer is not misspelled.)

Activate this function to block IP addresses with empty headers.

Note: Spam bots sometimes do not have a referer or HTTP header, so activating this option will also help prevent spammy form submissions and comments.
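The rules described in this section can be written out as a small decision function. This is an added example, not Defender's own code: it applies "Allowlist overrides Blocklist" and blocks a POST whose Referer and User-Agent are both empty. The case-insensitive substring matching and every list entry other than Googlebot are assumptions made for the illustration.

```python
# Constructed settings fields, one entry per line as in the plugin's text boxes.
# "Googlebot" is deliberately present in both to show the override rule.
ALLOWLIST_FIELD = "Googlebot\n"
BLOCKLIST_FIELD = "ExampleScraper\nBadBot-Example\nGooglebot\n"


def parse_list(text):
    """Split a 'one per line' field into lower-cased, non-empty entries."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]


def _matches(user_agent, entries):
    # Assumption: an entry matches if it appears anywhere in the header value.
    ua = user_agent.lower()
    return any(entry in ua for entry in entries)


def decide(method, headers, allowlist, blocklist, block_empty_headers=True):
    """Return (action, reason) for one request.

    headers is a dict of request headers; names are compared case-insensitively.
    """
    h = {k.lower(): (v or "").strip() for k, v in headers.items()}
    ua = h.get("user-agent", "")
    referer = h.get("referer", "")

    # Empty Headers rule: only POST requests with BOTH headers empty.
    if block_empty_headers and method.upper() == "POST" and not ua and not referer:
        return ("block", "empty-headers")

    # Allowlist is checked first, so it overrides a Blocklist match.
    # The header is client-supplied: a match here says what the client
    # claims to be, not what it is.
    if ua and _matches(ua, allowlist):
        return ("allow", "allowlist")
    if ua and _matches(ua, blocklist):
        return ("block", "blocklist")
    return ("allow", "no-match")


def evaluate_samples():
    """Run constructed sample requests through the rules."""
    allow = parse_list(ALLOWLIST_FIELD)
    block = parse_list(BLOCKLIST_FIELD)
    samples = [
        ("GET", {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                               "+http://www.google.com/bot.html)"}),
        ("GET", {"User-Agent": "ExampleScraper/1.0"}),
        ("POST", {}),
        ("POST", {"Referer": "https://example.com/contact", "User-Agent": ""}),
        ("GET", {}),
    ]
    return [decide(m, hdrs, allow, block) for m, hdrs in samples]


if __name__ == "__main__":
    for result in evaluate_samples():
        print(result)
```
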

Finally, you can easily deactivate the feature at any time if you no longer want to use it.

Deactivate Defender’s User Agent Banning feature with just one click.

Remember to click the Save button when done to update your plugin settings.

To view a log of Defender’s activity and confirm that the feature is active and working, select Firewalls > Logs in the plugin’s menu.

Defender starts banning bad user agents right away!

No Whiffs or Bots

With Defender’s User Agent Banning feature activated, bad bots won’t even get a sniff in and malicious user agents will strike out every time they visit your site. Defender goes straight to work banning and locking out user agents as per your configured lockout settings.

Additionally, Defender’s continuous monitoring protects your site while saving server resources for legitimate traffic, thus helping to further improve your site’s performance.

For more information or help using this feature, check out our documentation section or contact our 24/7 support team.

337: ES Modules on CodePen

ES Modules are a native feature of JavaScript! The import and export keywords are actually a mighty powerful thing for a language to have. You can use them right on CodePen of course. For example, with our URL extensions, you can export stuff from one Pen and import it in another without having to use the External Resources feature in Settings or anything, which might make your code more clear.

Then with incredible services like Skypack, you have the entire world of npm available to import. Here’s a whole Collection of examples like that. React is easy pickings:

ES Modules is getting fancier and fancier!

import all the things!

Sponsor: Netlify

Among many incredibly innovative things Netlify has done is to offer cloud functions for any site you publish on Netlify. You chuck your functions in a functions folder (configurable) and they’ll run as AWS Lambda functions, without you even having to have an AWS account or deal with any of that ceremony. Now if you need a bit of server side code for your otherwise static site, you got it. Incredibly useful for doing any sort of dynamic functionality that needs to reach out to databases or APIs with security. And hey, if you need to import stuff, you got it.


How to Start an LLC in California

California’s economy is one of the most powerful globally, and small businesses make up 99.8% of all companies in California. 

LLCs represent 35% of small businesses in the US. This is because they offer some of the benefits of a corporation, like protecting personal assets without all the hassle and paperwork. 

Starting an LLC in California can be a quick and straightforward process with a little help. 

Your LLC can start generating profits faster than you thought was possible; just follow the steps below.

The Easy Parts of Starting an LLC in CA

Like most formal processes, starting an LLC sounds complicated, but it’s pretty straightforward. The process mainly consists of completing forms with basic information like your business name, address, and what your business does. 

LLCs are the quickest path to success for most small businesses because of owner-friendly policies like pass-through taxation and liability protection.

Liability protection lets you protect personal assets like your home or car when you create your startup. Pass-through taxation enables members of your LLC to skip corporate taxes in favor of individual federal income taxes.

The articles of organization sound formal and complex, but this form is quick and easy to complete in California. Getting an EIN from the IRS is also an easy process. You can grab one online for free.

The Difficult Parts of Starting an LLC in California

It only takes a quick search to learn about the potential negatives of running a business in California. But when you look at creating an LLC, even the bad news isn’t so bad.

Naming an LLC in California can be tricky because of its list of requirements. But these rules have your customers in mind. They are a good guide to follow no matter what state you license your LLC, especially if you plan to operate nationally someday.

There are also some types of LLC, like the series LLC, that California doesn’t allow unless you’re a foreign entity. If you already have a clear business plan, confirm that the LLC structures in California will enable you to execute it as outlined.

Another downside to operating an LLC in California is the costly annual franchise taxes. These come in at a minimum of $800 per year, no matter how little your business earns.

The LLC operating agreement can also be tough to complete, but it’s common for any LLC. In a state known for lawsuits like California, this document can be a strong layer of protection for you and your business.

Local and state licenses can be more complex in California for the same reason. Maintaining an LLC in Cali means paying attention to regular changes in legislation. Headline-grabbing changes from the last several years include The California Revised Uniform Liability Act and The California Consumer Privacy Act.

These kinds of regulations can make ongoing compliance a headache for small business owners.

LLC services like ZenBusiness can help create your LLC and keep it compliant. This saves time and effort for you, so you can focus on growing your new business.

Step 1: Choose a Business Name

Choosing a name for your business sounds fun and easy, but it’s a very important decision. This step can be pretty time-consuming because California has rigorous naming guidelines. There are several places you’ll want to check for duplicates before you can choose your business name. 

Brainstorm name ideas

As you think about your perfect business name, write out a long list of name ideas. If you jump on the first name you like, it may already be used by another company or website. You’ll want to avoid the hassle of negotiating for your chosen business name.

Add the LLC

Add one of these to your business name if it doesn’t already include it:

  • Limited liability company
  • LLC
  • L.L.C.
  • Limited
  • LTD
  • Company
  • Co 

You might wonder how the business name will impact your branding when naming your LLC. In this case, you can file a DBA (“doing business as”), which is like a nickname for your business. You’ll need to submit your DBA or fictitious business name in the county where you operate your business.

Cut confusion

An LLC name in California can’t include words that could lead customers to confuse your business with a state or federal agency. So, avoid names like The FBI: Fun Business Institute or The San Diego Treasury.

Some terms, like bank, university, or attorney, may require you to show that a licensed individual in that industry is part of your team. 

You’ll also want to avoid words that indicate that your business offers insurance or terms that indicate your business is a corporation and not an LLC.

These regulations help make sure that businesses aren’t misleading the public.

As you choose a business name, ask friends or coworkers what comes to mind when they see your business name. This can help you make sure you are giving people the right idea about what your business does.

Look for state duplicates

Once you have a handful of good business names, do a business search for the State of California to see if your favorite names are available. If the name you choose is too similar to an existing business, you may have your LLC application rejected.

Search the web

Web domains are hot commodities. Check to see if the domain for your business name is available, even if you don’t plan to build a website right away.

Reserving and changing your name

If you’re still figuring things out but want to keep a business name just in case, you can reserve an available name for up to 60 days. Just file a name reservation request!

You also have the option to change your business name later. 

Step 2: Sign Up for ZenBusiness LLC Formation Services

California has more one-of-a-kind rules and regulations than most other states. Their regulations also change more often than you might expect. Maintaining your LLC will mean careful attention to deadlines for annual reports, fees, and taxes. It’s also essential to follow their guidelines carefully when starting an LLC.

Business formation services like ZenBusiness take care of the tricky parts of registering your business as an LLC. They can also help you maintain your LLC status. 

ZenBusiness pricing starts at $49 for the Starter plan, including preparing and filing the LLC paperwork, annual report service, an operating agreement template, and a 100% accuracy guarantee. The Pro plan is $199 and includes expedited filing, an EIN, compliance help, and more. The highest plan is Premium at $299. It has a “rush” filing speed and also includes a business website, domain name, email address, and more.

Agent of Service of Process

California requires businesses to have a registered agent, called an Agent of Service of Process.

This individual or business entity needs to be a full-time resident or corporation in California. They have to be available for company business during normal business hours every day the business is open during the year. The agent of service of process receives legal documents like tax forms and lawsuit notices.

They also maintain a calendar for compliance to make sure your California LLC is on top of required reports. Your agent also maintains an archive of legal documents. This makes it easy for your business to stay compliant when requirements change.

ZenBusiness offers registered agent service free for your first year as an LLC. The service is affordable and essential for any business with a small team and a tight budget. 

They will take care of LLC compliance, so you don’t have to worry about annual filing and other deadlines. They also have expert support to guide your business through challenges that may come up.

Decide on management

The decision of whether your members or an outside manager will manage your LLC is an important one. The Beginner’s Guide to Members vs. Managers in an LLC can help you make this critical decision.

This is something you’ll need to decide before officially filing, as the answer is required on the articles of organization. You’ll choose between a member-managed or manager-managed LLC.

Step 3: File Your Articles of Organization

You’ll work with ZenBusiness to file your articles of organization.

Before you submit, be sure to proofread your forms carefully. Make sure you and your partners are on the same page about the details. 

You can file online, in person, or by mail, and it costs $70. There is an extra $15 drop-off fee if you choose to submit forms in person. 

The processing time after you submit the articles of organization is usually five days. For an additional $750, the state can process your filing the same day you submit it! 

Each amendment to the original articles of organization costs $30. This process requires you to complete another form.

Step 4: Create Your LLC Operating Agreement

The operating agreement is a California LLC mandate. The operating agreement outlines the rules and expectations the LLC members have agreed your LLC will follow. Not all states require one, but even where it is not mandated, it is highly recommended.

This document is legally binding and will help protect your business from internal disputes when challenges come up. 

You don’t have to file the operating agreement formally, but you’ll need to keep any written agreement or amendments with your LLC business records.

Use an operating agreement template

Your ZenBusiness plan comes with an operating agreement template. It can really simplify this complicated process. 

Choices about profit and loss distribution, dividing ownership, and membership structure can be tough to agree on. Starting with this template can smooth the path to logical decisions.

Other things included in the operating agreement include voting rights, adding or removing an LLC member, and even dissolution procedures.

Most of us don’t want to think about the end when a project is only beginning. But outlining a plan for dissolving your LLC will help ensure all members have a clear picture of the future options for your new startup.

An operating agreement will also help ensure the courts maintain your California LLC status. This is just in case your team does something that puts your business in danger of dissolution, like forgetting to pay your filing fees or making changes to the business without amending your articles of organization.

Step 5: File the Initial Statement of Information

You’ll also need to file the initial statement of information within 90 days of forming your California LLC. This costs an extra non-refundable fee of $20, and you can take care of this online, in-person, or by mail.

After the initial filing, you will need to file this statement every two years. This report will include basic information about your business. It has updated addresses and other contact information, along with confirming the main activities of your business.

If you stick with them, ZenBusiness will accept, scan, and archive legal mail for your business. That ensures that these critical communications are all in one place. This makes your LLC records easy to find, which makes it easier to maintain your LLC status.

Step 6: Compliance With California Tax, Federal Tax, and Other Regulatory Requirements

The location and function of your California LLC may mean that you’ll need extra business licenses for the compliant operation of your LLC. 

For example, if you’re opening a clothing store LLC in Berkeley, California, you might also need:

  • A business tax certificate from the city
  • A DBA statement from Alameda County
  • A CalGold certification for health and safety standards

If you operate in more than one California city, you may also need a license in each city where you operate. The CalGold website is a helpful place to get started. 

You may also want to hire legal services to make sure you have everything covered. Incfile is the best online legal service for startups. They can help your team navigate the legal requirements in your local California community.

California sales tax and employee taxes

Your California LLC may also need to register with the California Tax Authority. California is a complex state for taxes. California employer taxes alone include:

  • Employee withholding tax
  • Employment training tax
  • Unemployment insurance tax and disability insurance

Our Guide to Understanding How LLC Taxes Work walks you through the different types of taxes your LLC might encounter. It can give you an idea of how to prepare your business for those taxes.

California franchise taxes

Another to-do on the California LLC tax list is paying your annual franchise tax.

California’s fee is pricier than most other states. It’s an $800 annual fee regardless of your business income. LLCs making more than $250,000 also need to pay an extra fee.

Some LLCs may be exempt from this franchise tax. It’s a good idea to work with a tax professional to ensure that your business pays the minimum in taxes and state fees for compliance.

Step 7: Get Your EIN

An EIN is an employer identification number that the Internal Revenue Service assigns. You’ll need this ID number to file and manage your California state and federal taxes and to open a bank account for your LLC. The IRS offers a quick online form to request your EIN.

An EIN is also required if you plan to hire employees for your business. This ID is unique to your LLC, so you’ll need to request a new EIN even if you had one for your business before filing for the LLC.

What Is HTTP/3 and What Does It Mean for APIs?

The majority of APIs today are based on the Hypertext Transfer Protocol (HTTP). HTTP has been around for a very long time, in computer terms. It is the protocol underlying the Web and has changed surprisingly little since its inception in 1989. HTTP/1.1 was first standardized in 1997 and since then has been updated, but it was never replaced.

HTTP/2 was released in 2015 but did not change the way HTTP works for HTTP users. The update made the protocol more efficient by changing the way in which HTTP servers and clients communicate. However, HTTP/2 still had some shortcomings which were largely caused by the protocol using the Transmission Control Protocol (TCP) as its foundation.

Microservices: Quarkus vs Spring Boot

Who will win? Spring Boot or Quarkus.

In the era of containers (the "Docker Age"), Java is still alive, whether it has to struggle for it or not. Java has always been (in)famous for its performance, mostly because of the abstraction layers between the code and the real machine: the cost of being multi-platform (write once, run anywhere, remember this?), with a JVM in between (JVM: a software machine that simulates what a real machine does).

Nowadays, with the microservice architecture, perhaps it no longer makes sense, or offers any advantage, to build something multi-platform (interpreted) for something that will always run in the same place and on the same platform (the Docker container, a Linux environment). Portability is now less relevant (maybe more than ever), and those extra levels of abstraction are not important.

Top Reasons to Go for Angular Development Services

JavaScript (JS) is known as the top scripting language that works on a JS framework. Professional web developers and designers have several choices, but the job is to select the appropriate framework. The right framework depends on the kind of business or website you wish to design. The most used JS framework is known as Angular.

What Is Angular?

Introduced by Google, it is one of the top client-focused frameworks. The open-source framework helps developers deal with the challenges of single-page web apps. The applications include shell pages with numerous views. Its library is syndicated with more libraries. It includes HTML vocabulary for application and web development.

8 Details That Make Angular the Favorite Web Development Framework

Angular is a popular web development tool that gained momentum over the past few years. It is one of the most acceptable JavaScript frameworks that Google created back in 2009 to assist web development. This tool aimed to make front-end development much simpler and more accessible for the development company. 

Many top companies like Netflix, PayPal, Upwork, and similar reputed brands are using this framework. Angular also ranked the third most frequently used technology in 2020, after NodeJS. 

Managing Annotations Within PDFs Using Accusoft PDF Viewer

Viewing PDFs natively within applications used to be a major headache for developers. Even though the PDF standard has been open and available for decades, most people still relied upon external reader software and browser plug-ins to open, view, and edit PDF files. Given the complexity of PDF rendering and discrepancies between readers, there was no guarantee that two people viewing the same document would see the same thing.

When Mozilla developed and released PDF.js as an open source library in 2011, developers finally had a way to easily integrate PDF viewing into their web applications to ensure a consistent viewing experience. Even then, however, this JavaScript library didn’t support the entire PDF specification and lacked key features like annotation tools. That may not have presented much of a problem ten years ago, but today’s users no longer regard annotation as a “nice to have” feature. If your web application doesn’t allow them to natively markup or sign documents, they’re liable to turn to more comprehensive solutions pretty quickly.

DevSecOps: A Complete Guide

Why should you learn about the basics of DevSecOps even if you’re not a software developer? The short answer is to improve security at your business or company. Organizations have long had a heavy focus on speeding up application development to deploy new software as soon as possible, but this frequently came at the cost of security.

Unfortunately, if an application was discovered to have security issues at this stage, it meant rewriting large amounts of code which could easily become a very convoluted, difficult, and time-consuming task for developers.

Monitoring NVIDIA GPU Usage in Kubernetes With Prometheus

If you’re familiar with the growth of ML/AI development in recent years, you’re likely to be aware of leveraging GPUs to speed up the intensive calculations required for tasks like Deep Learning. Using GPUs with Kubernetes allows you to extend the scalability of K8s to ML applications.

However, Kubernetes does not inherently have the ability to schedule GPU resources, so this approach requires the use of third-party device plugins. Additionally, there is no native way to determine utilization, per-device request statistics, or other metrics—this information is an important input to analyzing GPU efficiency and cost, which can be a significant expenditure.

Elastic Stack Guide Part – 2 (Heartbeat)

In the previous blog, we mainly discussed Filebeat and Metricbeat along with exploring the system module. In this blog, we will see the usage of heartbeat and how to monitor the services using heartbeat. 

Heartbeat should not be installed on each server you monitor; it should be installed on separate servers from which you can monitor all URLs/services. For example, if we have one server deployed at x.x.x.x:8000 in AWS in the north region, we can install Heartbeat on four servers, one in each AWS region (north, south, east, west), and monitor this server from all of them to check whether its services are UP from all over India.

gRPC Compression Support in Go, Java, and Ballerina

In distributed applications, we occasionally use compression methods to save network bandwidth. gRPC supports message-level compression on both the client and server sides. Different programming languages have different ways to enable or disable gRPC compression. This article describes how to use gRPC compression in several programming languages: Go, Java, and Ballerina. Gzip is the most commonly used compression algorithm in gRPC, and the samples in this article also use Gzip.

gRPC Compression in Go

In Golang, there are two different ways to enable compression on the client-side and server-side. On the client-side, we have to pass a relevant compressor as an option to the RPC call. On the server side, we have to import the gRPC Gzip package to enable message compression.

Edge Computing: The Future of Cloud

The IDC forecasts the global edge computing market to reach $250 billion by 2024, with a compounded annual growth of 12.5%. No wonder the industry is talking about Edge Computing.

Edge computing is one of the “new revolutionary technologies” that can change organizations wanting to break free from previous limitations of traditional cloud-based networks. The next 12–18 months will prove to be the natural inflection for edge computing. Practical applications are finally emerging where this architecture can bring real benefits.

Deploying a Kotlin App to Heroku

Since its earliest release, Java has touted itself as a "write once, run everywhere" programming language. The idea was that a programmer could develop an app in Java, have it compiled down to bytecode, and become an executable that can run on any platform, regardless of operating system or platform. It was able to do so in part by a runtime known as the Java Virtual Machine, or JVM.

To Java's credit, the JVM was (and still is!) an incredibly fine-tuned runtime that abstracted away a computer's underlying hardware. While Java as a programming language survives to this day, it is often viewed as cumbersome, stodgy, and representative of an outdated approach to implementing solutions. 

What Is an SRE? How To Land an SRE Role Today

What is SRE?

Site Reliability Engineering (SRE) is a relatively new term in the software industry. It is a software engineering approach designed for improved system management and problem-solving. Think of it as a new form of system administration.

In SRE, a software engineer is in charge of tasks that are usually performed by the operations team. Site reliability engineering involves ensuring the availability, latency, performance, capacity, scalability, and deployment of software systems by the engineers themselves.

How to Enhance Your Deployment With Continuous Testing in CI/CD

Digital transformation has gripped us all! Most of the businesses are moving towards a cloud-centric environment and leaning towards ‘Shift-left’ DevOps practices. This rapid paradigm shift in Software Development Life Cycle (SDLC) is creating a need to integrate continuous testing to build out resilient CI/CD pipelines. Balancing quality and speed is a major challenge and continuous testing in CI/CD can act as a catalyst in the whole process. 

To ace the competition, businesses are looking for better ways to perform CI/CD Pipeline Automation Testing. One of the approaches adopted by many is an integration of continuous testing in the entire product development life cycle, right from the start until the end.