I was using WPS Hide Admin to hide the login URL of my WordPress sites. That is a critical tool in preventing Brute force attacks. After migrating the sites to HTTPS, WPS Hide Login was not longer working. I found a simple solution to the problem.
If you have a blog or site and want to brand your name, the WordPress author feature can help tremendously. I made a simple change to my four WordPress sites and the Google Search Results changed dramatically overnight.
One of my WordPress sites came under a determined brute force password attack. The amount of traffic brought down the other sites on my shared hosting. I added the IP Geoblock and WPS Hide Logins. I also tweaked the settings for Wordfence. The number of brute force attacks dropped dramatically.
I woke up this morning to see that some of my sites were a bit slow to respond. Shortly after, I was getting a resource limit message from my host when trying to get to the front or back ends of any of the WordPress sites. I checked cPanel and my resources were maxed out.
A standard installation of WordPress works, but it lacks many features that are needed for even a basic site. For any feature that you wish to add, there are usually one or more plugins that will accomplish the task. Plugins are a matter of your needs and personal taste.
Many small business networks are horrendously insecure.
The following is a basic list of things that you should do to secure your network.
Dec 2017 updates are highlighted in yellow Continue reading
Just because you are paranoid doesn’t mean they aren’t out to get you.
My phone started getting a rash of incoming email from 2 WordPress sites I had recently launched. The emails were from WordFence, a WordPress security program. WordFence was identifying brute force attacks from Russia, Poland, China and other countries. As it identified the attacks, it locked the IP of the attacker and notified me. Continue reading
I’ve noticed an increase in the number of Pharma Hacks on Joomla sites.
Many of the hosting companies are scanning their user’s sites and sending notices if the Joomla install is not up to the latest version. They are threatening to take the sites down if the updates aren’t done.
In several cases, I’ve found that the sites have been Pharma Hacked.
What is a Pharma Hack?
Many windows servers and desktops run RDP to allow users to remote into the machine (Remote Desktop Protocol).
The problem is, that there are large botnets that will try brute force attacks on machines running RDP. Once they find an IP of a server, they start trying combinations of passwords. In most cases, they will try administrtor as the user. Continue reading
We have been using the Adminexile extension for Joomla. This is a tool to stop brute force attacks against the Admin account on the back end.
There is a possibility that the legitimate site owner could forget the key. Continue reading