Gospel. Culture. Technology. Music.

Tag: Hack


Security Mashup: Four Steps to Secure WordPress

After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:

  1. iQ Block Country: This plugin will prevent certain countries that you set from accessing either the front-end of your site, or (in the cases I use it for almost exclusively) the back-end. For the purposes of the sites I manage, I block all except the United States on the back-end and leave the front-end open to all.
  2. Jetpack: this is a great plugin to use anyway for stats collection and image/CDN offloading, but it also includes the ability to turn on brute force login protection. Another very helpful preventative if these other tools don’t catch something.
  3. Wordfence: this free tool (that actually does have a subscription service for even better protection) is a web application firewall for use directly within WordPress. Among the big things it prevents are brute force login attacks, XSS attacks and SQL injection attacks, amongst others. Now, a web app firewall (like ModSecurity or some other hardware appliance like a Barracuda or Cisco firewall) in front of the application itself would work even better at preventing attacks before they even got to your WordPress site (if set up correctly), but can be quite advanced to install and configure. Regardless, this plugin is a great way to keep those kinds of attacks at bay.
  4. Invisible reCaptcha: this utilizes the newer version 3 of Google’s reCAPTCHA to prevent automated bots from either spamming the comment sections of your posts or pages or from brute force attempts to log in to your site as admin.

None of these methods are foolproof against attacks getting through some other threat vector, but I’ve found this to catch quite a bit of junk on all the sites I’ve set them up on.

And one last thing: make sure and secure your site with SSL?!? 🙂
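As an added example (not part of the original post), this Python check reads a web server access log and shows whether login attempts are being stopped by the blocking layers described above or are still reaching WordPress. The log lines are constructed, and the status codes counted as "blocked" and the threshold of 3 are assumptions to adjust for your own setup.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.23 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 403 310
198.51.100.23 - - [10/Mar/2024:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 403 310
198.51.100.23 - - [10/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 310
192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4400
192.0.2.10 - - [10/Mar/2024:10:02:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
BLOCKED = {403, 429, 503}  # assumption: codes your blocking plugins/WAF answer with

def summarize(log_text):
    """Count login-endpoint POSTs per IP: blocked, reached WordPress, or redirected."""
    stats = defaultdict(lambda: {"reached": 0, "blocked": 0, "redirect": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if path not in LOGIN_PATHS:
            continue
        status, s = int(m["status"]), stats[m["ip"]]
        if status in BLOCKED:
            s["blocked"] += 1
        elif status == 302 and path == "/wp-login.php":
            s["redirect"] += 1   # wp-login.php redirects after a successful login
        else:
            s["reached"] += 1    # e.g. 200: login form shown again after a failure
    return dict(stats)

def suspicious(stats, threshold=3):
    """IPs whose login POSTs got past every blocking layer `threshold`+ times."""
    return sorted(ip for ip, s in stats.items() if s["reached"] >= threshold)

def review_logins(stats, threshold=3):
    """IPs with a likely successful login (302) after repeated failures."""
    return sorted(ip for ip, s in stats.items()
                  if s["redirect"] and s["reached"] >= threshold)
```

Run `summarize()` over your real access log and pass the result to `suspicious()` and `review_logins()`; any address returned by `review_logins()` deserves a password reset and a look at that account's activity.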

Latest on the Fallout from the CRU Email Leak

Links found on DrudgeReport.com:

Study: Slowdown in warming last year not permanent… (Scientists say, you know, the ones with a clear agenda)
Rep. Issa: White House refusal to investigate ‘Climategate’ is ‘unconscionable’…
Day Fourteen and Counting: Major U.S. Networks Still Silent…
Danish Speaker of Parliament: Climate Change ‘Very Dangerous Claim’…
Denmark: not as green as you thought…

Also: HOUSTON EARLIEST SNOWFALL — EVER…

Latest on ClimateGate

Found on DrudgeReport:

UK: Pretending the climate email leak isn’t a crisis won’t make it go away…
US: Impression left by emails is that global warming game has been rigged from start…
AUSTRALIA: Five MPs lead the way by resigning in disgust over carbon tax…
NEW ZEALAND: Climate Science Coalition caught lying about temp trends…
RUSSIA: What are scientists hiding about global warming?…
…ONWARD COPENHAGEN!

Glenn Beck on The CRU Hack

I’m not a big Glenn Beck fan, not so much because of the content (since I too am puzzled by many of the same things presented in his recent “questioning” series), but rather I’m not a fan because of the entertainment/drama meets news thing. Regardless, this was worth posting.
