stacks
Defense by Stack
WordPress, Laravel, Next.js, Docker, shared hosting, VPS — the risky defaults in your stack, made concrete.
2026-06-07
Running Next.js safely: not falling behind on published CVEs
The top framework risk is neglected published CVEs. Defend with four pillars: judge by the running version, monitor with Dependabot/osv-scanner, update fast, and run least-privilege. ITD's view: indie devs lose not on knowledge but on operational continuity — win with a system that doesn't miss, not with speed.
2026-06-07
Keeping .env off the public web on shared hosting
The real fix: app body outside the docroot, only public/ exposed. Stop the bleeding with .htaccess, make it permanent by restructuring, then self-check. ITD's view: this isn't one person's slip but an industry-standardized bad pattern — fix it with process, not vigilance. bootstrap-redirect beats symlink.