Cybersecurity & Hardening
Expert guidance on Cybersecurity & Hardening. These workflows help you take control of your stack and move away from vendor lock-in.
Enterprise-grade security strategies, threat protection, and Zero-Trust architecture managed personally.
-
Nginx Security Hardening: The Pragmatic Agency Guide
A no-fluff walkthrough of the Nginx hardening I apply on every server we manage. Covers TLS, security headers, rate limiting, and what to skip. Written for agencies, not enterprises.
-
2FAuth: The Self-Hosted 2FA Manager I Actually Trust
How I deploy 2FAuth as a self-hosted 2FA vault: the Docker stack, the proxy in front, the backup discipline, and why I keep it behind a VPN.
-
Authentik: One Self-Hosted Login for All My Apps
How I deploy Authentik as a self-hosted identity provider: the Docker stack, the Postgres and Redis pieces, the SSO flows, and when SSO is overkill.
-
CrowdSec Installation and Server Protection on Ubuntu
How I install CrowdSec on every fresh Ubuntu server: package repo, firewall bouncer, the collections worth running, and the console wiring that closes the loop.
-
CrowdSec for WordPress: Bouncing Bad IPs at the App Layer
How I wire CrowdSec's WordPress bouncer to the LAPI on the same server, what bouncing level to pick, and the failure modes I've watched it catch in production.
-
Cryptgeon: Self-Hosted Secret Sharing vs PrivNote
How I deploy Cryptgeon as a self-hosted secret sharing service: the Compose file, the TTL defaults I trust for client onboarding, and the proxy in front.
-
The Human Element in Cybersecurity: What No Firewall Fixes
Most breaches I see start with a person, not a packet. Here's the human-layer playbook for routers, DNS, passwords, and the social engineering no firewall stops.
-
Kasm Workspaces: Self-Hosted Browser Isolation Done Right
How I deploy Kasm Workspaces for browser isolation on a single VPS, the Caddy proxy in front, and where remote browsers actually beat RDP and VDI.
-
Linux Server Security: SSH Keys, Sudo Users, UFW
The Linux server security baseline I run on every fresh VPS: SSH keys, a non-root sudo user, password login disabled, and UFW locked to the right ports.
-
Mistborn: Self-Hosted WireGuard + Pi-hole + Firewall VPN
How I deploy Mistborn as a self-hosted VPN platform: the one-line install, the Pi-hole adlists I trust, the DoH switch, and where it beats raw WireGuard.
-
WireGuard Easy: My Self-Hosted VPN Front Door
How I deploy WireGuard Easy as a self-hosted VPN: the Compose file, the config trade-offs, and why wg-easy is my default for client-scale tunnels.
-
Wirehole: WireGuard + Pi-hole + Unbound on One Compose Stack
How I deploy Wirehole as a self-hosted VPN: Docker Compose on Ubuntu, the Unbound version pin that bites everyone, and where it beats raw WireGuard.
-
WordPress Admin Recovery: Reset Password or Create Admin
How I recover a locked-out WordPress admin: a clean WP-CLI path when SSH still works, and a SQL-only fallback through phpMyAdmin when it doesn't.
-
WordPress Server Security: A Comprehensive Hardening Guide
The full WordPress server security pass I run on every production site: server baseline, WordPress hardening, headers, 2FA, and the plugins worth their CPU.