About FEEI.CN

About FEEI.CN’s Cybersecurity

Layer	Threat	Protective Measures
Network	DDoS/CC	Set DNS record to gov site
	MITM	HTTPS（SSLLabs Test Score A+）; HSTS; HSTS Preload
Application	XSS	Security Header(CSP/X-XSS-Protection)
	iFrame	Security Header(X-Frame-Options)
	MIME Sniffing	Security Header(X-Content-Type-Options)
	Fronted Backdoor	Security Header(Permissions-Policy)
	SQLi	Change Database Prefix; No sensitive data;
	Brute-force login accound	Custom username; Strong password; 2FA; Disable xmlrpc; Hidden login url; Automatic IP Blocking Brute-Force
	Sensitive data leakge	DEBUG False; Disable PHP Error; Hidden PHP/Wordpress/Nginx Version; Automatic IP Blocking Vulnerability Detection
	Trojan/Mining/Webshell	DISALLOW_FILE_EDIT; Separate user group for static/php files, read-only permissions, no write access except in upload directory;
	0day	Separate user WP-CLI mode for automatic updates of Core/Plugin/Theme to latest version; inotify www directory; Automatic IP Blocking When Web attack;
	Ransomware	Daily Backup of files and database to remote server; Daily backup of ECS Image;
Server	Service Brute-force/Vulnerability	Only 80/443 ports opened; Automatic IP Blocking When Port Scan; Private IP Login with Key; Outbound Internet Access Restriction;

About FEEI.CN’s Speed

Layer	Items	Company	Config/Version	Result
Network	DNS	DNSPod		<60ms
	VPS	Aliyun	4M, Hangzhou(South) + Beijing(North)	<15ms
	CDN	–	–	–
Base Application	Blog Software	WordPress	Automatic Update
	Web Server	Nginx	1.20.1+HTTP2
	Program Language	PHP	8.0.30+OPCache+FastCGI Cache
Software Application	Theme	Typology	Text based with no image required
	Text	Lighthouse	/
	Compression/Text	Minify	/
	Compression/Image	Webp	/
	Compression/Transmission	GZip	All file type
	Async/Text	async	Statis files
	Async/Media	Lazy Load	/
	Cache/Browser	HTTP Cache	no-cache
	Cache/Application	FILE Cache	Page/Post
	Cache/Database	Redis	3.2.12
	Other/URL Redirect	/	0
	Other/Other domains resources	/	0
Speed Test		PageSpeed Insights（Lighthouse）	Performance Score	100
		Pingdom	Performance Score	94

Install

# Env
# System: CentOS 8

# Install PHP
sudo dnf install -y php php-fpm php-mysqli
sudo def install php-cli php-common php-curl php-mbstring php-mysql php-xml
php -v
service php-fpm start
service php-fpm status
sudo systemctl enable php-fpm

# Install MariaDB (Use MariaDB Server Repositories) https://mariadb.org/download/?t=mariadb
# Add /etc/yum.repos.d/MariaDB.repo
# Change to Aliyun mirror
# baseurl=https://mirrors.aliyun.com/mariadb/yum
sudo yum install MariaDB-server MariaDB-client

# Start MariaDB
service mariadb start
sudo systemctl enable mariadb

# Use MariaDB
mariadb -uroot -p (empty password)

# Change root password
ALTER USER 'root'@'localhost' IDENTIFIED BY 'this-is-test'

# Create database
create database FEEI;

# Create use for this database
create user "wp-feei"@"localhost" identified by "thisistest"

# Grant this user for this database
grant all privileges on FEEI.* to "wp-feei"@"localhost";

# Flush
flush privileges;

# Exit
exit

# SELinux httpd_can_network_connect_db
setsebool -P httpd_can_network_connect_db 1
getsebool -a | grep httpd

# Redis
sudo yum install redis
sudo systemctl enable redis
sudo systemctl start redis

# Install WordPress
cd /var/www/
wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
mv wordpress/wp-config-sample.php wordpress/wp-config.php
vim wp-config.php
# Edit DB_NAME/DB_USER/DB_PASSWORD fields
# Edit Authentication unique keys and salts, use https://api.wordpress.org/secret-key/1.1/salt/

Backup

# WordPress Folder
zip -r feei.cn.zip feei.cn/
unzip feei.cn.zip

# Nginx Conf

# Database
mysqldump -u feei -p feei_cn > feei.cn.sql

mysql -u root -p mydb < backup.sql

Notify

inotifywait -m -r -e create,delete,modify /var/www/feei.cn > inotifywait.log&

Changelog

• 2025-10-25 为了更好的使用体验，将博客从阿里云迁移至IDC托管主机。