Slay your WordPress Demons!
Your login page is one of the most common places hackers will target to breach your defenses. If they get past that page somehow, you are in big trouble. There are many webmasters that do not take time to protect the WordPress login page. We have already covered plenty of ways to do so. Login Ninja is another plugin you can take advantage of to protect your important forms and stop brute force attacks.
{ 0 comments }
Continue ReadingMany WordPress webmasters assume that just running their sites with this platform will keep them secure against hack attacks. While WordPress is a fairly secure platform, it is not 100% hack-proof. There are simple things you can do to keep your website protected against attacks though. For instance, you can hide plugin information, secure directories, and protect your config file to keep your site safe. Using top security plugins is a great idea too. Here are 5 plugins that show you how to identify security vulnerabilities in WordPress:
Security Ninja: performs 26+ tests on your website to identify security holes and vulnerabilities. It shows you which areas you need to focus on. [click to continue…]
{ 0 comments }
Continue ReadingLet’s face it. If your admin account is somehow compromised, you are going to find yourself in big trouble. It does not matter how it happens. Your goal should be to make it as hard as possible for others to mess with your site. You may have not noticed this but people do attack WordPress login pages using malicious script and web bots. Limiting the number of times people can make incorrect attempts on your login page not only stops brute force attacks, it helps you identify IPs that need to be banned.
The good news is you do not have to monitor your login pages by yourself. There are a few plugins that can handle the job well. Here are 5 plugins that enable you to limit the number of login attempts on your site:
Limit Login Attempts: one of the best plugins in this category. It not only monitors the number of incorrect login attempts made, it also locks out people who are being too persistent. It logs IPs so you can ban the ones that deserve to get the hammer. [click to continue…]
{ 4 comments }
Continue ReadingGetting hacked is one of the worst experiences one can go through as a webmaster. Unfortunately, no matter how careful you are, there is always a chance that a smart hacker might get around your defenses. That does not mean you should just give up and do not do your best to protect your website against future hack attacks. Fixing a hacked website is not always difficult. In fact, it can be a very time consuming process.
In order to fix your website and get it back to its original condition, you first have to analyze what has happened. Sometimes all hackers do is deface sites and manipulate their .htaccess files. Those are not that hard to fix. Database and server hacks are a bit more consuming to get a handle on though.
Fixing your website is important. But you also need to understand how you were hacked so you can avoid having to deal with the same issue in the future. There are commands you can run on your server to figure out how it was accessed and by whom.
If you are with a decent web host, chances are its team has a guide on how to deal with hacked sites. You do want to pay attention to the date the files on your sites were changed. That helps you identify which files you need to take care of first (I would delete everything though). If your database has been altered, you are better off using a clean backup to save yourself some time in the process. Of course, you can always go through your database and use commands such as this to find malicious content in it: [click to continue…]
{ 4 comments }
Continue ReadingPlenty of web publishers spend the majority of their time creating killer content for their websites. There is nothing wrong with that approach. Content is king after all. But as a webmaster, you should also pay attention to exploits and malware affecting WordPress sites and take measures to prevent your site from getting compromised. Adding a security firewall to your WordPress install may stop many hack attacks. But it won’t stop everything. These 5 anti-malware tools help you keep your website clean and secure:
Sucuri: an affordable web integrity monitor for your website. It detects unauthorized changes to your website and helps you remove malware from it. [click to continue…]
{ 2 comments }
Continue ReadingYour WordPress login page is perhaps the most important page on your website. It is what keeps strangers (hackers) at bay. If your site credentials fall into the wrong hands, your business is going to be in trouble. Thankfully, there are plugins you can install to protect your login process against hackers and crackers. Here are 7 plugins that help keep your login process more secure:
Limit Login Attempts: one of the best ways to keep your site secure against hack attacks is by finding and banning the IPs belonging to hackers. This plugin will notify you of that information as soon as your site is attacked.
WP Login Security: requires all the admins on your website to register and whitelist their IPs. If an IP is not recognized, an email will be sent to the admin’s registered email address with a one time password. Adds another layer of security to your blog.
Login Lock: a complete login protection system that enforces strong password policies, monitor hack attempts, and even bans abusers. Allows forced logouts by admins. [click to continue…]
{ 3 comments }
Continue ReadingI personally do not allow anyone to register for an account on any of my blogs. That approach does not always work though. Sometimes, you are forced to allow registrations on your website if you want it to grow and move to the next level. Most users will respect your website and won’t try to mess with it. But dealing with rogue users should be at the top of your agenda. These 10 plugins let you handle abusive users and keep your business protected:
User Locker: sometimes people just forget their credentials and try different username/passwords out of desperation. But brute force attacks are very real, which is why you should ban abusers with this plugin.
User Spam Remover: this is a powerful plugin that can clean out your database from spammers and accounts that have not been used since their creation. You do have the option to define the time period after which inactive accounts are removed. [click to continue…]
{ 0 comments }
Continue Reading
