Mossack Fonseca (MF), the Panamanian law firm at the center of the ‘Panama Papers’, may have been breached via a vulnerable version of Revolution Slider. The data breach has thus far brought down the Prime Minister of Iceland, and it has surrounded Russian President Vladimir Putin and British Prime Minister David Cameron with controversy. Many well-known public figures have also been implicated. This is the largest data breach in history, weighing in at 2.6 terabytes and 11.5 million documents! Did the law firm not secure their website properly?
WordPress is safe! You take precautions to keep your home, car and other assets safe, don’t you? You also have to ensure that you keep your website security updated.
Cyber security companies regularly report on huge password attacks – there can be millions of password attacks in just a few hours.
Scary data on trends in malware, phishing and bad networks:
According to Google’s Transparency Report, Google discovers thousands of unsafe sites EVERY DAY, many of which are legitimate websites that have been compromised.
These unsafe sites fall into two categories, both of which threaten users’ privacy and security:
There are almost Half a Million Malware Sites
Malware sites contain code to install malicious software onto users’ computers.
150% Growth in Phishing Sites in 7 Months
Phishing sites pretend to be legitimate while trying to trick users into typing in their username and password or sharing other private information.
Should your website be hacked, spammers will often include a small script on your site that redirects any visitors from your site to a malicious website. The result is that links to your own website end up appearing in thousands or hundreds of thousands of spam emails.
New vulnerabilities and infections appear daily. If spam is not blocked from your website, Google will rank your website lower in Google search and in some instances Google will block your website from appearing on Google search (you don’t want this to happen!). The good news is that you don’t have to manually delete spam – there are effective plugins that do the work for you.
Effective security prevents dangerous websites from linking to your site and it prevents your website from linking to known dangerous URLs that have been banned by Google. As mentioned above, if you link to these URLs you may incur a search penalty or have your website banned from Google search.
Cleaning a hacked site can be both time-consuming and very costly – the worst case scenario is when you lose a website completely without being able to recover it. If you have ever lost a website to hacking, you realise the importance of having proper protection.
Top Must Do’s to Protect your WordPress Website
Your Device’s IP and DNS
- General > Membership
- General > Discussion
To keep your website safe, update to the latest version as soon as a new release is announced.
Login Security – Password
- Ensure you have a strong password
- Enforce strong passwords among your administrators, publishers and users.
- Include login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
Login Security – Captcha
Install and activate an effective Captcha plugin.
Give your users the correct role
‘Account Management’ > ‘Sessions’: ‘Log Out Everywhere Else’
Install and activate an effective Ban User plugin
- Install and activate Jetpack
- Activate and configure the following:
- ‘Single sign on’
“Guard your site against brute force login attempts. We use data collected from millions of websites to identify botnets and hackers. Through this unique algorithm we’ve already blocked well over ten billion malicious logins.” – Sam Hotchkiss, WordPress Jetpack Team Lead
Comment Spam Filter
Install and activate the most used and effective comment spam filter for WordPress.
Install and activate the most downloaded WordPress Security Plugin – the plugin includes the following features:
Real-time blocking of known attackers
Includes two-factor authentication
- Scans core files, themes and plugins
- Scans for many known backdoors that create security holes
- Continuously scans for malware and phishing URLs, including all URLs on the Google Safe Browsing List, in all your comments, posts and files that are security threats
Scanning posts for known dangerous URLs and suspicious content is extremely valuable for preserving your site’s reputation and avoiding a search penalty in Google. A blog post that you published long ago and have not changed since may not have a problem today, but a few days later a URL that it contains may be hosting malware, and you will need to remove this URL from your post or risk being banned by Google. The links that appear in each of your posts are indexed by Google, and if you are linking to a site that is banned by Google then your site will likely be ranked lower in the search rankings and your own site may be banned for acting as an intermediary in the distribution of malware.
Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets
See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content
Includes fast WordPress caching engine
Fully IPv6 compatible including all whois lookup, location, blocking and security functions
Major Theme and Plugins Supported
Includes support for other major plugins and themes.
- Plugin Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Constantly updates to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
After it is installed and activated, the plugin will also do:
A complete Scan of your website.
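The re-scanning of older posts for links that have since become dangerous, described above, can be sketched as follows. This is an added example, not code from the plugin or from this workshop; the blocklist hosts and post bodies are constructed, and a real scan would load a current threat feed and the site's exported posts instead.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist standing in for a downloaded threat feed (hypothetical hosts).
BLOCKLIST = {"malware-host.example", "phish.example.net"}

# Constructed posts: id -> HTML body, as they might be exported from the database.
POSTS = {
    101: '<p>Old review: <a href="http://cdn.malware-host.example/setup.exe">download</a></p>',
    102: '<p>See <a href="https://wordpress.org/plugins/">the plugin directory</a>.</p>',
    103: '<img src="//PHISH.example.net:8080/banner.png"> <a href="/about">About</a>',
}


class LinkCollector(HTMLParser):
    """Collects every href/src attribute value found in a post."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def is_blocked(host, blocklist):
    """True if the host or any of its parent domains is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def scan_posts(posts, blocklist):
    """Return {post_id: [flagged URLs]} for posts linking to blocklisted hosts."""
    findings = {}
    for post_id, html in posts.items():
        collector = LinkCollector()
        collector.feed(html)
        for url in collector.urls:
            host = urlsplit(url).hostname  # None for relative links such as /about
            if host and is_blocked(host, blocklist):
                findings.setdefault(post_id, []).append(url)
    return findings


if __name__ == "__main__":
    for post_id, urls in scan_posts(POSTS, BLOCKLIST).items():
        print(post_id, urls)
```

Because the blocklist changes over time, the same unchanged post can pass one run and be flagged on the next, which is why the scan has to be repeated rather than run once at publication.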
Refreshments: There will be a tea break.
What to bring: a laptop and a mouse (a tablet is useless for this type of training). There is WiFi at the venue (but bring your 3G/4G dongle as backup, should you have one).
Hands-on: This is a hands-on Event.
During this workshop you are going to learn what you need to do to keep your website safe.
Install and activate the correct plugins to your WordPress website and sleep easy.