Well, I got into some interesting spaces when I found this site:
In order to get an A+ rating for my blog, I went through all the suggested routines, and while I won’t detail them, below is what I have landed on that works on my WordPress site.
Inject this into your .htaccess file on your Apache webserver:
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set X-Xss-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin"
Header set Permissions-Policy "geolocation=self"
# Replace yoursite.com with your own domain.
Header set Access-Control-Allow-Origin "https://yoursite.com"
Header set Cross-Origin-Embedder-Policy "unsafe-none"
Header set Cross-Origin-Opener-Policy "unsafe-none"
Header set Cross-Origin-Resource-Policy "same-site"
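To confirm the site really serves what the .htaccess file says, the check below compares the `Header set` lines against a saved response head (for instance the output of `curl -sI`). It is an added example, not part of the original post; the function names and both sample strings are constructed for illustration.

```python
import re

DIRECTIVE = re.compile(r'^\s*Header\s+(?:always\s+)?set\s+(\S+)\s+"([^"]*)"\s*$', re.I)

def expected_headers(htaccess: str) -> dict:
    """Map lower-cased header name -> value for each `Header set` line."""
    out = {}
    for n, line in enumerate(htaccess.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "\u201c" in line or "\u201d" in line:
            # Pasting from a blog often brings typographic quotes along.
            raise ValueError(f'line {n}: typographic quotes; Apache needs plain "')
        m = DIRECTIVE.match(line)
        if m:
            out[m.group(1).lower()] = m.group(2)
    return out

def served_headers(raw: str) -> dict:
    """Parse a raw response head (e.g. saved from `curl -sI`) into a dict."""
    out = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def audit(htaccess: str, raw_response: str) -> list:
    """Return (header, problem) pairs; an empty list means both sides agree."""
    want, got = expected_headers(htaccess), served_headers(raw_response)
    problems = []
    for name, value in want.items():
        if name not in got:
            problems.append((name, "missing from response"))
        elif got[name] != value:
            problems.append((name, f"served {got[name]!r}, configured {value!r}"))
    return problems

# Constructed sample data: three of the directives above, and a response in
# which one header was dropped and one overridden (e.g. by a plugin or proxy).
SAMPLE_HTACCESS = '''Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set Referrer-Policy "strict-origin"
Header set Cross-Origin-Resource-Policy "same-site"
'''
SAMPLE_RESPONSE = '''HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Referrer-Policy: no-referrer-when-downgrade
Content-Type: text/html; charset=UTF-8
'''

if __name__ == "__main__":
    for header, problem in audit(SAMPLE_HTACCESS, SAMPLE_RESPONSE):
        print(f"{header}: {problem}")
```

The `Header` directive only works when Apache's mod_headers module is enabled, so a response with every header missing usually points there first.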
I can’t tell you guys how important it is to be vigilant over the next few months. You will be distracted with holiday events and other social engagements.
If you aren’t already, you will be bombarded with scam phone calls and emails. Please! DO. NOT. RESPOND. to those emails and phone calls. Mark them as SPAM and/or phishing and delete them.
The most recent examples relating to phone calls are from people looking to get your social security number, Medicaid, and credit card information. It will be a foreign-sounding individual with a “normal” sounding name, like “Robin” or “John”. Hang up on that person immediately!
The most recent examples relating to scam emails are someone “responding” to an email and BCC’ing you with a “what’s this” or “what is this”, and below will be an invoice looking for payment. Mark as SPAM and DELETE THIS EMAIL!!!
There will be variations of this theme, but it is all the same: they want your money and your personal information so that they can trick other individuals into giving them their money!
If you use a password manager like LastPass, I strongly urge you to change all your passwords and keep them in either a different password manager or in a notebook in a safe place in your home.
Hacking is serious business, with serious consequences for those not careful to avoid being hacked.
It is up to everyone here to keep your organization safe.
Dang it! I also locked myself out of the webadmin on Sophos UTM 9.2 while trying out their OTP function with Google Authenticator.
Here’s how I fixed this problem:
Log in to the Firewall Console Interface as root
at the / type
then auth and press enter,
it will list out:
Type otp and press enter,
it will list out:
Type facilities@ and press enter,
Type -0 and press enter, where it will redisplay (in this case)
Log in as admin to your firewall via the webadmin!!!