A while back my blog received some unwanted attention, and that forced me to rethink its whole security strategy. Most of it was my fault: I did not do the proper research, ended up using a poor hosting provider and, to make matters worse, did not really secure my blog. I was new to the blogging world, wasn't really aware and, to be honest, did not think my blog would get hacked. Hosting your own blog requires a level of commitment when it comes to management. Regardless of the past, it's a lesson I learned, and I took the necessary precautions to avoid such problems in the future, which included moving to a new hosting provider.
Once I had everything set up in the new hosting environment, I went ahead and downloaded some plugins, mainly SEO and security. I kept the number of plugins to a minimum to better protect against DDoS and PHP injection attacks, since fewer third-party plugins means fewer vulnerabilities. I also enabled Cloudflare. Typically, like most bloggers, when I created a new post I would share it on LinkedIn and would see a preview of the post with an image.
However, after adding the new security plugin and hardening the website, I noticed an issue when sharing posts on LinkedIn: that preview would no longer show. All you'd see was the title of the website and nothing else. At the time I was pretty busy and never really had the time to address the issue. The blog was working well, so it wasn't a priority. At some point, however, it started to bother me, because I don't like posting links without a proper preview. As a user who sees content on social networking sites, I wouldn't want to click on something that looks like a link with no info, so I started to investigate why I was having this issue. The interesting part is that I did not have this issue on Google+ or Facebook; it was mainly an issue on LinkedIn.
From the get-go, I pretty much knew that it had to do with the website hardening, because that was the only thing I did differently when I moved my site to a new hosting provider. The trick was to figure out what exactly it was. So I started with the WP Security plugin, and sure enough, that was a good place to start. The first thing I did was disable the plugin to see if it would fix the issue, and it did. Knowing that, I wanted to know exactly what in this plugin was causing the issue. I didn't want to just disable the plugin and call it a day. As I started going through the settings, I came across the following:
When I disabled "Protect System Files", I noticed that the post preview started working right away. Now I knew what the issue was, but could I enable this feature and still have the preview working? After some searching around, I came across a few WordPress forum posts about modifying the .htaccess file to allow the LinkedIn bot access. If you navigate to BotoPedia and search for LinkedIn, you'll find that the bot is called Jakarta:
# 5G:[USER AGENTS]
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|
<limit GET POST PUT>
# Evaluate Allow first, then Deny, so that keep_out matches are refused
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
This step seems to have helped me a lot. I tried looking up the forum post that suggested this fix, but had no luck. Definitely a big shout-out to the OP who posted this fix; it helped me out quite a bit.
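
To check whether a particular crawler would be caught by a keep_out rule like the one above before changing anything on a live site, the following added example (not code from the original post or from the plugin) parses the active SetEnvIfNoCase User-Agent lines of an .htaccess text and reports which ones match a given User-Agent. The sample rules and the LinkedIn User-Agent string are constructed for illustration, and Python's `re` is assumed to be close enough to Apache's regex engine for simple alternation lists like this one.

```python
import re

# Matches an active directive of the form:
#   SetEnvIfNoCase User-Agent <regex> <variable>
DIRECTIVE = re.compile(
    r'^\s*SetEnvIfNoCase\s+User-Agent\s+(\S+)\s+(\w+)\s*$', re.IGNORECASE)


def ua_rules(htaccess_text):
    """Return (line_no, pattern, variable) for each active User-Agent rule."""
    rules = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # commented-out rules are ignored by Apache
        m = DIRECTIVE.match(line)
        if m:
            rules.append((no, m.group(1).strip('"'), m.group(2)))
    return rules


def blocking_rules(htaccess_text, user_agent, env_var='keep_out'):
    """Return [(line_no, matched_text)] for rules that set env_var for this UA."""
    hits = []
    for no, pattern, var in ua_rules(htaccess_text):
        if var != env_var:
            continue
        # SetEnvIfNoCase performs an unanchored, case-insensitive regex search.
        m = re.search(pattern, user_agent, re.IGNORECASE)
        if m:
            hits.append((no, m.group(0)))
    return hits


# Constructed sample: a shortened blocklist that includes the "jakarta" token.
SAMPLE_BLOCKING = """\
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|dotbot|jakarta) keep_out
"""
# The same constructed rule with that token taken out of the alternation.
SAMPLE_ALLOWING = SAMPLE_BLOCKING.replace('|jakarta', '')

# Constructed User-Agent containing the "Jakarta" name mentioned in the post.
LINKEDIN_UA = 'LinkedInBot/1.0 (compatible; Jakarta Commons-HttpClient/3.1)'

if __name__ == '__main__':
    print(blocking_rules(SAMPLE_BLOCKING, LINKEDIN_UA))  # rule on line 2 matches
    print(blocking_rules(SAMPLE_ALLOWING, LINKEDIN_UA))  # no rule matches
```

Running it against a copy of the real .htaccess shows the line number and the exact token that flags a crawler, so only that token needs to be reviewed rather than the whole protection feature.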