WhatsApp Two-Factor Authentication

There have been cases of WhatsApp accounts being hacked. A WhatsApp account is linked to a phone number. If our SIM card is terminated due to inactivity, the provider can recycle the number and sell it to someone else. If the new owner installs WhatsApp, they instantly gain access to our account.

It is better to add an additional layer of security by setting up two-factor authentication. To set up WhatsApp two-factor authentication:

  1. Open the menu by clicking the three-dots button in the top right corner.
  2. Click the Settings menu.
  3. Click the Account menu.
  4. Click the Two-step verification menu.
  5. Click the Enable button.
  6. Enter a PIN.

WordPress Security

WordPress’s security is good by default, but no system is completely safe. There are several steps that must be taken to make WordPress secure:

wp-config.php Permission

After WordPress is installed, the wp-config.php permission may end up set to 666. This is potentially dangerous, as wp-config.php can be overwritten by a hacker. You must change the wp-config.php permission to 400. To change the file permission easily using the cPanel file manager:

  1. Log in to cPanel.
  2. Click the File Manager icon.
  3. Click the wp-config.php file. Click the Permissions menu.
  4. Check only Read in the User column. The result is 400.


XMLRPC is a Remote Procedure Call method that uses XML passed via HTTP as a transport. With it, a client can call methods with parameters on a remote server and get back structured data.

XMLRPC has been a part of WordPress since the beginning. XMLRPC enables communication between WordPress and other applications. The code is stored in the xmlrpc.php file in the root directory.

Since the REST API was integrated into WordPress, xmlrpc.php is no longer used. XMLRPC introduces security vulnerabilities. A hacker can mount a DDoS attack by sending large numbers of pingbacks. This could overload your server and make your site time out. Each xmlrpc.php request sends a username and password, so a hacker can also use it for a brute-force attack. There is a chance they could eventually hit on the right one, giving them access to your site to insert or delete content or otherwise damage it.
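To see whether a site is receiving this kind of xmlrpc.php traffic, and whether a block rule is taking effect, the access log can be checked. The following is an added example, not code from the original post; the log lines are constructed, and the per-minute threshold of 3 is an assumed value to tune for your own site.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "WordPress/6.3"
198.51.100.23 - - [10/Oct/2023:13:57:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "WordPress/6.3"
192.0.2.10 - - [10/Oct/2023:13:56:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:10:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.0"
'''

# client IP, [timestamp], "METHOD target ...", status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def xmlrpc_hits(log_text):
    """Yield (ip, minute, status) for every POST to xmlrpc.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if method == "POST" and path.endswith("/xmlrpc.php"):
            # ts[:17] is "dd/Mon/yyyy:HH:MM", a one-minute bucket
            yield ip, ts[:17], int(status)

def peak_per_minute(log_text, threshold=3):
    """Return {ip: busiest-minute count} for clients at or above threshold."""
    buckets = Counter((ip, minute) for ip, minute, _ in xmlrpc_hits(log_text))
    peaks = {}
    for (ip, _minute), n in buckets.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return {ip: n for ip, n in peaks.items() if n >= threshold}

def still_served(log_text):
    """Count xmlrpc.php POSTs not answered with 403, i.e. not blocked."""
    return sum(1 for _, _, status in xmlrpc_hits(log_text) if status != 403)
```

Once xmlrpc.php is denied in .htaccess, new requests should show status 403 and `still_served` should stop growing.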

To disable xmlrpc.php, add the following code to your .htaccess file:

<Files xmlrpc.php>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
Order Allow,Deny
Deny from all
</Files>


Macros have long helped people. A macro does tedious, repetitive tasks for us. Sometimes our jobs repeat in the same pattern. These jobs can be done by a macro.

Macros were initially made for games. Many gaming peripherals are equipped with a macro function. Macros are also useful for work. A macro can carry out a repetitive task continuously in a timely fashion. We can save time by using macros.

Steps to set a Logitech G102 macro:

Set Laptop Power Button to Turn Off Screen

The proper way to turn off a laptop is from the Windows menu > Power > Shut down. This is considered safer than pressing the power button. The power button is then only used once, for turning on the laptop.

We can change the power button to another, more useful function. The screen is the most power-consuming component of a laptop. By turning off the screen when it is not in use, we can save power. Especially when running on battery, this will make the battery last longer.

Steps to set the laptop power button to turn off the screen:

Prevent Virus

Today I will share best practices to prevent viruses on a computer. We need to tweak some settings in Folder Options and AutoPlay Settings. I will explain why each one is important:

  1. Show hidden files and folders. A virus is usually hidden so a normal user won’t see it.
  2. Show protected operating system files. Some virus makers mark their virus as an operating system file so it is more difficult to distinguish.
  3. Show extensions for known file types. A virus often traps the user by disguising itself as another file type. Example: the virus icon is an image, but it is actually an exe. Next time you see an image.exe file, don’t click it.
  4. Disable autoplay. Autoplay is a common way for a virus to get into our computer. When a virus-contaminated flash disk is plugged in, the virus runs automatically and infects our computer.

Fix Mouse Double Click

Does your mouse register a double click when you click once? Don’t throw it away yet. You can fix it. After the repair, the mouse will work again like a new one.

Under the click button, there is a switch. Inside the switch, there is a metal spring. A single click being registered as a double click is caused by dust accumulated on the metal contact area. Clean it by wiping it with a screwdriver.

Disable Touchpad When Mouse is Connected

Have you ever accidentally clicked the touchpad while typing? This can sometimes be annoying. The touchpad’s position between the hands makes it prone to accidental clicks.

All laptops come with a touchpad, but we rarely use it. Most of us will still plug in a mouse. We can disable the touchpad to save power. The steps are pretty simple:

With this failover setting, you can still use the touchpad as an emergency backup if you forget to bring a mouse. The touchpad will automatically become active when the mouse is unplugged, and vice versa.

Override Windows Default Print Screen Button to Snip & Sketch

After taking a screenshot, we sometimes need to crop out the parts of the image that we don’t want to show. There is a more efficient way to do it. Windows 10 comes with Snip & Sketch, a print screen tool.

We can override the default Print Screen button behaviour to open Snip & Sketch automatically:

Snip & Sketch offers 4 different powerful print screen types:

  1. Rectangular snip. This is particularly useful for showing part of a window.
  2. Freeform snip. This can be useful for irregularly shaped objects.
  3. Window snip. Use this to take a screenshot of a window. Snip & Sketch will automatically crop the area outside of the window.
  4. Fullscreen snip. Takes a full-screen screenshot.

The print screen result is automatically pasted into Snip & Sketch. We can draw highlight marks if needed. We can also share the screenshot directly as an email attachment.


DMARC is Domain-based Message Authentication, Reporting & Conformance. DMARC is an email authentication, policy, and reporting protocol. DMARC builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages.
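The handling guidance a domain publishes can be read straight from its DMARC TXT record. The following is an added example, not part of the original post: it parses a record, applies the RFC 7489 defaults for omitted tags, and lists settings that leave the domain weakly protected. The two records are constructed for the placeholder domain example.com, and the function names are hypothetical.

```python
POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records for the placeholder domain example.com.
WEAK = "v=DMARC1; p=none"
STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

def parse_dmarc(txt):
    """Parse a DMARC TXT value into tags, filling in RFC 7489 defaults."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = [tuple(x.strip() for x in p.split("=", 1)) for p in parts]
    if any(len(t) != 2 for t in tags):
        raise ValueError("every tag must be name=value")
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must begin with v=DMARC1")
    rec = {k.lower(): v for k, v in tags}
    rec["p"] = rec.get("p", "").lower()
    if rec["p"] not in POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    rec["sp"] = rec.get("sp", rec["p"]).lower()   # subdomains inherit p
    rec["adkim"] = rec.get("adkim", "r").lower()  # relaxed DKIM alignment
    rec["aspf"] = rec.get("aspf", "r").lower()    # relaxed SPF alignment
    rec["pct"] = int(rec.get("pct", "100"))
    if not 0 <= rec["pct"] <= 100:
        raise ValueError("pct must be 0-100")
    return rec

def findings(txt):
    """Return notes on settings that weaken the published policy."""
    rec = parse_dmarc(txt)
    notes = []
    if rec["p"] == "none":
        notes.append("p=none: receivers only report, failing mail is still delivered")
    if rec["sp"] == "none" and rec["p"] != "none":
        notes.append("sp=none: subdomains are left unprotected")
    if rec["pct"] < 100:
        notes.append("pct=%d: policy applies to only part of the failing mail" % rec["pct"])
    if "rua" not in rec:
        notes.append("no rua: no aggregate reports will be sent")
    return notes
```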

At a high level, DMARC is designed to satisfy the following requirements:

  • Minimize false positives.
  • Provide robust authentication reporting.
  • Assert sender policy at receivers.
  • Reduce successful phishing delivery.
  • Work at Internet scale.
  • Minimize complexity.

Anatomy of a DMARC resource record in the DNS:


How to deploy DMARC:

Email Default Address

It is possible to set a catch-all email address, which catches any email that is sent to an invalid email address at your domain.

While it seems a good idea for avoiding lost sales when potential customers mistype our email address, it is heaven for spammers, because every random address such as abc@yourdomain.com or xyz@yourdomain.com is valid. As a result, you will receive all that spam in your inbox.

So it is best to leave it at the default option: discard the email while your server processes it at SMTP time, with an error message.