Check tld-list.com — I alternate between namecheap and namesilo. In principle I like namesilo better because no upsells, faster no BS web interface, easy editing domains in bulk, and 2fa compatible with Google Authenticator / Authy. But pricewise usually namecheap is hard to beat. Used Google Domains before — it's nice, but overpriced and Google :(

Message the @wipbot "/start". Also see wip.chat/help

Not much tbh. Disabled every port except 80/443, moved ssh to a non-standard port. Have unattended-upgrades switched on to grab security updates automatically... fail2ban, and the rest is obvious: making sure all non-essential app files are stored outside of public_html, being careful about sanitising user input, strictly limiting file permissions concerning public directories, etc. When I have an app worth hacking I'll invest more time into this, but until then it's a bit of a mute point.

Been playing in the level 1 sandbox with #levelsmap and #partialpress during the last month. Attempting to skip a stage (yeah right;) and go straight for level 3 with my upcoming project #rejecty — although if I just manage to crack level 2 I'll be completely and thoroughly over the moon!

Active concern! Doesn't mean I manage to solve every attack vector I can conjure up, but it keeps me awake at night :(