How to secure your WordPress site against hacker attacks


I recently had my WordPress websites for one of my clients shut down because of the recent increase of hacker attacks.

So I recently installed not only a firewall but one of my favorite plug-ins to limit login attempts.

http://wordpress.org/plugins/wordfence/

http://wordpress.org/plugins/better-wp-security/

http://wordpress.org/plugins/limit-login-attempts/

I was surprised at the number of bots and attempts to break into my humble sites, so if you own a WP site, do yourself a favor and install some security. The number one task is to replace the default admin login by creating another admin user with a different username and a secure password.

http://www.pctools.com/guides/password/

Log out and test the new admin user before implementing any of the other security measures.

Cheers

Server Information – D9 Solutions Ltd.

wp-login.php DDOS Attack (In Progress)

Over the past 24 hours there has been a widespread DDOS campaign targeting the popular CMS script WordPress, in particular the file used to log into the admin area of the script; wp-login.php. Large numbers of IP addresses from across the world have been attacking any files they can find, resulting in massive issues for web hosts and the stability of web servers.

The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. It’s being reported in fairly dramatic terms, with the New York Times and BBC talking about the internet getting jammed or slowed down.

So what’s actually going on? Here’s a rundown of some key points:

A what attack?

DDoS attacks, as the “distributed” part suggests, involve large numbers of computers bombarding a target system with traffic, with the idea being to stop that system from functioning. A bunch of South Korean banks and broadcasters got temporarily crippled by such an attack a week ago, for example.


In addition, the attacks are now being used by a “Map” of the WordPress community to attack and break into anyone with admin as their user name… one of the largest attacks ever, and it has resulted in many ISPs shutting down any access to your WordPress installation.
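An added example, not part of the original post or of the articles it quotes: a Python check over web server access logs that counts POSTs to wp-login.php per source IP in a sliding window (the kind of per-address limit a login-limiting plugin applies) and also reports how many distinct sources are involved, since a distributed attack can stay under any per-IP limit. The combined log format, the function names, the thresholds and the sample lines are all assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, method, path) for a combined-format line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, target.split("?")[0]

def login_posts(lines, per_ip_limit=3, window=timedelta(minutes=5)):
    """Summarise POSTs to wp-login.php.

    Returns (noisy_ips, distinct_sources, total_posts). An IP is noisy when it
    sends more than per_ip_limit POSTs inside one sliding window.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    noisy, total = set(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip lines that are not in the expected format
        ip, when, method, path = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue              # GETs only display the login form
        total += 1
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) > per_ip_limit:
            noisy.add(ip)
    return noisy, len(recent), total

def _line(ip, hms, method="POST"):
    # Constructed sample entry; addresses are from the documentation ranges.
    return (f'{ip} - - [12/Apr/2013:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"')

SAMPLE = (
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 50, 10)]     # 5 in 40 s
    + [_line(f"198.51.100.{n}", f"10:01:{n:02d}") for n in range(1, 5)]    # 4 IPs, 1 each
    + [_line("192.0.2.10", f"10:{m:02d}:00") for m in (0, 10, 20, 30)]     # slow, spaced out
    + [_line("192.0.2.10", "10:31:00", method="GET"), "not a log line"]
)

if __name__ == "__main__":
    noisy, sources, total = login_posts(SAMPLE)
    print(f"{total} login POSTs from {sources} sources; over per-IP limit: {sorted(noisy)}")
```

On the constructed sample only one address crosses the per-IP limit, while most of the login attempts come from sources that never do, which is why the total and the number of distinct sources are reported alongside it.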

How you may have inadvertently participated in recent DDoS attacks

The botnets driving the recent distributed denial of service attacks are powered by millions of infected computers. Their coordinated flood of requests overwhelms the Internet’s DNS servers, slowing them down and even knocking the servers offline. The long-term solution for site operators and visitors alike may rely on reluctant ISPs working together.

Find out how you can protect your site and computer

Read More

Cheers

The Intermediate Guide to Mastering Passwords with LastPass

LastPass is easy, secure, and works across systems and browsers—it’s our favorite password solution. Here’s how to take LastPass further: force saving on uncooperative sites, manage notifications, “rate” your passwords, use two-factor authentication, and more.

If LastPass is intriguing, but you’ve not quite made the jump, consider our previous feature on why it works so darned well. Founding editor Gina Trapani also considers LastPass as the sweet spot between convenient and security, as detailed in this embedded entry from her Work Smart video series:

Once you’ve picked up the basics of importing and storing passwords, Secure Notes, and setting up your browsers with LastPass instead of insecure password storage, you can get more out of LastPass by exploring its features around the edges.

via The Intermediate Guide to Mastering Passwords with LastPass.

For a review and link to LastPass

Security Holes Almost Everyone’s Vulnerable To

WEP/WPA Passwords on Your Router Are Easy to Crack

Chances are that your router is using either a WPA (Wi-Fi Protected Access) password or a WEP (Wired Equivalent Privacy) password. Unfortunately, it’s pretty simple to crack a Wi-Fi network’s WPA password and a WEP password.

Both of these vulnerabilities exist for different reasons. In the case of WEP, it’s as simple as cracking the password with an automated encryption program (and a lot of time), while in WPA, it’s more about a vulnerability in WPS (Wi-Fi Protected Setup) on certain routers. This can be corrected by turning WPS off. If you can’t turn WPS off, you can install DD-WRT or Tomato so you can. DD-WRT should add a nice security layer to your home network.

via 5 Security Holes Almost Everyone’s Vulnerable To.

ScanNow for Universal Plug and Play (UPnP) | Rapid7

The free scanner checks whether your network-enabled devices might be vulnerable to attack through the UPnP protocol.

Recent research from Rapid7 revealed that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. Three groups of security flaws in the protocol are exposing millions of users to remote attacks that could result in the theft of sensitive information or other criminal activity such as spying.

via ScanNow for Universal Plug and Play (UPnP) | Rapid7.