Articles & Insights

Discover tutorials and insights on CDN performance, edge security, and web infrastructure.

    Latest Articles

    Photo of Tony Perez
    Tony Perez (@perezbox)
    Analyzing 17000 Spam Links on a Hacked WordPress Site

    We dig into a 17,000-link SEO spam injection on a hacked WordPress site—what it was, how it was planted, and what we can learn from it.

    Posted in: security-research
    Photo of Tony Perez
    Tony Perez (@perezbox)
    The Domain Name System (DNS)

    DNS is the fabric that maps human-friendly names to IP addresses. This guide explains the DNS hierarchy, how lookups work, and which parts you can control as a user and website owner.

    Posted in: educational-guide dns
    Photo of Tony Perez
    Tony Perez (@perezbox)
    Protecting SSH on Web Servers

    Practical SSH hardening for web servers—key configuration tips plus an allowlist model using IPAuth to reduce attack surface.

    Posted in: server-security educational-guide
    Photo of Tony Perez
    Tony Perez (@perezbox)
    What Hackers Do with WordPress in 2022 - Post Hack Analysis

    This article explains what hackers do with WordPress once they successfully hack a website.

    Posted in: security-research wordpress-security
    Photo of Daniel Cid
    Daniel Cid (@danielcid)
    Automated Attacks Against WordPress Target Old Vulnerabilities

    Evidence from a fresh deployment shows bots quickly probing for years-old plugin flaws and blindly attempting wp-config.php grabs.

    Posted in: security-research wordpress-security
    Photo of Tony Perez
    Tony Perez (@perezbox)
    How WordPress Gets Hacked in 2022 - Initial Reconnaissance

    This article shows the techniques used to hack a WordPress site in 2022.

    Posted in: security-research wordpress-security
    Photo of Tony Perez
    Tony Perez (@perezbox)
    The Most Effective Security Control for Open Source Admin Panels Never Used

    Exposing wp-admin (and other CMS admin URLs) invites automated attacks. This guide shows why default-deny access controls—IP allowlisting or browser authentication—are the most effective, underused defense.

    Posted in: website-security educational-guide
    Photo of Tony Perez
    Tony Perez (@perezbox)
    The Importance of Asset Monitoring

    Why monitoring servers, websites, API endpoints, and domains matters—and how to cover both CDN edge and origin for true availability and performance visibility.

    Posted in: website-security educational-guide
    Photo of Tony Perez
    Tony Perez (@perezbox)
    A Website Security Framework Intro

    A practical website security framework inspired by NIST CSF—how to structure Identify, Protect, Detect, Respond, and Recover, make security continuous, and start with asset inventory.

    Posted in: website-security educational-guide
    Photo of Daniel Cid
    Daniel Cid (@danielcid)
    How the JSON API and XMLRPC are used for Brute Force Attacks Against WordPress

    How attackers enumerate users via WP-JSON and brute force credentials through XMLRPC (including system.multicall), plus practical hardening tips.

    Posted in: security-research wordpress-security
    Photo of Tony Perez
    Tony Perez (@perezbox)
    How to Improve the Largest Contentful Paint (LCP) – Web Core Vital Metrics

    Where LCP fits in Core Web Vitals, what hurts it (images, render-blocking assets, slow backends), and practical fixes—plus how CDNs help.

    Posted in: website-performance
    Photo of Tony Perez
    Tony Perez (@perezbox)
    Open-Source CMS and Software Bill of Materials (SBOM)

    Why SBOMs matter for open-source CMS ecosystems (WordPress, Drupal, Joomla, Magento) and how CycloneDX helps manage software supply-chain risk.

    Posted in: security educational-guide

    Improve Your Websites Speed and Security

    14 days free trial. No credit card required.

    Get Started