Hello, my name is Graham. I'm a bail bond agent and a real estate agent in Central California, so I have several sites dedicated to my businesses that I rely on and manage myself. I want to talk a little about WordPress security.

Last week I went to log in to one of my WordPress sites and this is the popup message I got: "Due to botnet brute force login attack, temporarily use the following credentials to access wordpress". I didn't know how that got there and my first thought was my site had been hacked, so I checked with my hosting provider and, sure enough, they had put it there to protect themselves from the huge botnet attack that was going on, and still is, by the way.

So what's going on? A 90,000-strong IP botnet is trying to hack our WordPress sites using the common "admin" account and some other vulnerabilities within WordPress. This is all over the internet, so don't take my word for it. These are just some of the sites that have mentioned it recently, including the BBC, US-CERT, which is a government site (Department of Homeland Security, no less), Net Security.org and SecurityWeek.com.

They look for simple-to-crack passwords and, most importantly, for users set up as "admin". They look for easy backdoor access to your site through old versions of WP, vulnerable themes, plugins and WordPress itself.

I checked around and looked at "wordpress security". Most of the weaknesses can be fixed manually if you know code (it is referred to as "hardening your site"), but for those of us that don't, there are several plugins that can do it. I looked at both the free and paid solutions and there was one that I like the most, which I'll get to in a minute. I already had a free one installed, which, in my complacency and lack of vested interest (it was free), I had not even enabled, so I got rid of it because it looked complicated. None of the solutions seemed to do everything in one plugin; if they do, then they want you to upgrade to a paid plan anyway. One was for an annual payment plan, which didn't sound too appealing.

The one I liked the most is SecureScanPro. The reason is that you can install it and 2 minutes later you are done and can get back to work, or blogging, or whatever it is you do on the internet. It has a nifty little captcha. No, they are not those obnoxious ones you cannot read, but a simple math question like 9-3=? It also has a timeout feature. I have been getting regular emails saying that someone has been shut out for not answering the captcha correctly, and I know it's not me because my math is still pretty good. It is reassuring to know that it is working.

You could almost leave your password and admin the same, but it's probably better to take an extra minute and change them both to something stronger. My suggestion is also to use the free features of LastPass.com to store your passwords, as it is a great cross-platform password manager that works across all your devices and is truly the last password you will ever have to remember. And again ... it's free!!

Here's the SecureScanPro website. I installed it on all my sites in a few minutes. It's as simple as a few clicks to turn the red markers into green, and now it's back to work and no more worries.