Tag Archives: WordPress Security

Why is Security from Cyber Attack SO Important – How to Protect your Computer, Email and Website

Is Security from Cyber Attack Important?

In my case, security from cyber attack is very important, as in the past four years I lost two of my websites to hacking, and last week I almost lost the entire content of my hard drive. A proper website can take months or even years to create – this means much time and money.

Many of us have heard cases of friends whose websites were hacked and their clients were receiving invoices from the hackers.

Once someone hacks your email, he/she has access to your mailing lists and, in some cases, to all your computer files as well.

Whenever a hosting company tells you that they will back up your website – take that statement with a pinch of salt. Yahoo, my hosting company at the time, was unable to recover my websites. Also, the back-up I had was not effective. I will mention an incredibly effective backup plugin later in this article.

Protect your Computer

  • Protect your computer from malware. There are various reputable brands, Malwarebytes being one of the most popular. If you opt for the free version, ensure that you do a weekly scan.
  • Anti-virus: Again, there are a couple of good brands, Kaspersky being one of the best. A great feature of Kaspersky is that it shows you if a website is not safe to visit. My friend Niren Singh is using AVG Premium and he is very happy with their service.
  • Use a USB flash drive or some other easy, reliable storage solution. Install Cobian Backup and have all your computer’s content transferred to your flash drive (or other reliable storage device) automatically, and do this regularly.

Protect your email

  • Activate ‘two-step verification’ for your email account. This means that, in addition to entering the password, you must tap on your smartphone to access your email on your computer.
  • Change your password regularly. A note from my friend Andrew Gibb:  “I’ve learnt that long passwords are strong passwords, that special characters (like: !@#+-_ etc), numbers and mixed case (UpPeR and LoWeR) are important but not as important as longer passwords. Remember if you think that you’re going to forget a password, write it down and store it in a safe place – it’s not often that crooks steal physical documents”.

Protect your WordPress Website

  • Ensure you have a website that starts with ‘https://’. If your website starts with ‘http://’, change to ‘https://’ immediately!
  • On a weekly basis, go to your ‘installed plugins’ and update any plugin that needs updating – this takes a few seconds to do.
  • Install and enable a good security plugin. There are various options, including ‘Wordfence’ and ‘All In One WP Security and Firewall’.
  • Install and enable ‘VaultPress’ – the best back-up plugin there is (it only costs US$5/month) and you will sleep easy. This plugin backs up your entire website every 24 hours, and should your website be hacked, you can restore your entire website at the touch of a button.

Your Developer/Local IT Store

Keeping your computer, email and website safe is something you can do yourself. Additionally, keep a friendly relationship with your developer or the technical person at your local IT store, as they are well-equipped to assist you in an emergency.

 

This Week’s Must Read Blogs – 16 May 2017

Hi everyone, a couple of articles I found useful:

Security

New WannaCry Ransomware and How to Protect Yourself

This is another Wordfence public service announcement (PSA) that describes new WannaCry ransomware variants that have emerged in the past few hours and describes how to protect yourself against the WannaCry ransomware, also known as the WannaCrypt ransomware. Read the full article >

Plugins

Useful WordPress Plugins to Integrate Your Site with Google Services 2017

Figuring out how to integrate your WordPress website with a couple of useful Google services? It should not be difficult! There are lots of reliable WordPress plugins that are ready to connect your site with popular Google services. A very interesting article by MottoPress’ Ann Taylor. Read the full article >

New Themes

Photopress

Photopress is a simple WordPress theme for Photographers, Designers & just about any creative out there. Learn more >

11 Examples of Divi Small Business Websites

The world is filled with small businesses and there are more started every day. With that comes the constant need for new websites. There are lots of small businesses websites built with Divi to provide design inspiration for your next project. In this article we will take a look at 11 examples of Divi small business websites to help you with design ideas for your next Divi project. Read the full article >

Hacking 27% of the Web via WordPress Auto-Update

At Wordfence we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites.

The vulnerability we describe below may have allowed an attacker to use the WordPress auto-update function, which is turned on by default, to deploy malware to up to 27% of the Web at once.

Choosing the most damaging target to attack

The server api.wordpress.org (or servers) has an important role in the WordPress ecosystem: it releases automatic updates for WordPress websites. Every WordPress installation makes a request to this server about once an hour to check for plugin, theme, or WordPress core updates. The response from this server contains information about any newer versions that may be available, including if the plugin, theme or core needs to be updated automatically. It also includes a URL to download and install the updated software.

Compromising this server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically. This provides a way for an attacker to mass-compromise WordPress websites through the auto-update mechanism supplied by api.wordpress.org. This is all possible because WordPress itself provides no signature verification of the software being installed. It will trust any URL and any package that is supplied by api.wordpress.org.

WordPress powers approximately 27% of all websites on the Internet. According to the WordPress documentation: “By default, every site has automatic updates enabled for minor core releases and translation files.” By compromising api.wordpress.org, an attacker could conceivably compromise more than a quarter of the websites worldwide in one stroke.

Below we describe the technical details of a serious security vulnerability that we uncovered earlier this year that could compromise api.wordpress.org. We reported this vulnerability to the WordPress team via HackerOne. They fixed the vulnerability within a few hours of acknowledging the report. They have also awarded Wordfence lead developer Matt Barry a bounty for discovering and reporting it…

Read the article: Hacking 27% of the Web via WordPress Auto-Update – Wordfence
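
The excerpt above notes that the update client trusts any URL and package the API response supplies because nothing verifies a signature. The following PHP is an added example, not code from Wordfence or WordPress: it shows an update client checking a detached Ed25519 signature against a public key pinned in the client, so that a response pointing at a substituted package is rejected. It assumes PHP 7.2+ with the sodium extension; the key pair, URLs, response fields and package bytes are all constructed for illustration.

```php
<?php
// Added example. The key pair, URLs and response fields below are constructed.

// Release-signing key pair. Only the public key is shipped (pinned) in the client;
// the secret key never lives on the update API server.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$pinnedKey = sodium_crypto_sign_publickey($keypair);

// Verify downloaded package bytes against a base64 detached signature.
function verify_package(string $package, string $sigB64, string $pinnedKey): bool
{
    $sig = base64_decode($sigB64, true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false; // missing or malformed signature: fail closed
    }
    return sodium_crypto_sign_verify_detached($sig, $package, $pinnedKey);
}

// Constructed stand-ins for downloads: URL => package bytes.
$goodUrl  = 'https://downloads.example.test/plugin-1.2.zip';
$otherUrl = 'https://other.example.test/plugin-1.2.zip';
$downloads = [
    $goodUrl  => 'genuine package bytes (constructed)',
    $otherUrl => 'substituted package bytes (constructed)',
];

// Signature produced offline by the release process over the genuine package.
$goodSig = base64_encode(sodium_crypto_sign_detached($downloads[$goodUrl], $secretKey));

// Constructed update-check responses: one normal, two as a compromised API might send.
$responses = [
    'normal'             => ['package' => $goodUrl,  'signature' => $goodSig],
    'url swapped'        => ['package' => $otherUrl, 'signature' => $goodSig],
    'signature stripped' => ['package' => $otherUrl],
];

foreach ($responses as $label => $r) {
    $bytes = $downloads[$r['package']];              // simulated download
    $ok    = verify_package($bytes, $r['signature'] ?? '', $pinnedKey);
    printf("%-18s => %s\n", $label, $ok ? 'install' : 'reject');
}
```

Because the signature is checked against a key the client already holds, control of the server that returns the download URL is not enough to get a package installed.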

Wordfence Announces New Firewall

This morning at 9am Pacific time we rolled out a new kind of firewall to over 1 Million active WordPress websites. It comes with a Threat Defense Feed that updates our firewall as new threats emerge. It also continuously updates our malware scan as we discover new malware patterns through our forensic research.

If you have auto-update enabled in Wordfence, you will automatically be upgraded to 6.1.1 today, which will include the new features. You can manually update by signing into your WordPress site and upgrading Wordfence to 6.1.1, or you can download Wordfence from the official WordPress plugin repository.

Read the full article >