Sneaky Tricks Hackers Use to Target WordPress

Security is on everyone’s mind these days, but be careful where you’re getting your information from. Be sure you’re getting expert advice before you proceed or you could find yourself in trouble.

3 Sneaky Tricks Hackers Use to Target WordPress Sites

The open source nature of WordPress has one downside, and if you’re not careful it could ruin your online business. I know this because it happened to me. Just a few months ago, I had a hacker hijack a WordPress site that was consistently earning me several hundred dollars a month.

The hacker:

  • Blocked all logins from my IP address
  • Deleted 217 pages of content, including over 50 pages of premium membership content.
  • Posted 182 spam articles on my site, all of which were visible from the home page and which tanked my search engine rankings.
  • Changed the admin account to their email so that I could not update my password OR get back into the site


Brute force authentication attacks are pretty simple to avoid – at the server level. If your host doesn’t already provide some form of brute force protection, talk to them about it or get a new host.

If an attacker has the ability to gain control of your site through a vulnerability on another site on the same server, your permissions are set up *very* wrong. Get a new host.

MD5 and SHA are *hash* methods, not encryption methods. There’s an enormous difference between the purpose, function and operation of these techniques. Notably, hashes are not reversible. WordPress “salts” these hashes to make them more secure. On this point, it would be better for users to ensure they’ve properly created their keys and salts in wp-config.

@3 – You can’t completely control username exposure on multisite, and even on regular WordPress some themes render the username within the output.

@5 – Domain privacy offers NO protection whatsoever. It takes all of a few minutes to file a request with the registrar for the actual data and in many cases they’re obliged to provide it. And most registrars (notably GoDaddy) that provide domain privacy do so at the cost of not effectively relaying domain contact attempts. This is important because it means that an attacker can send (and they do) fraudulent DMCA takedown notices to the registered “private” domain email address, CC the registrar and webhost, and since you don’t receive or respond to the message in a timely fashion, your host and/or registrar will disable the site. This is just as bad as getting hacked.

Even if domain privacy did protect your contact information, your site could not operate if your name servers were not exposed, which is how visitors are able to find out the IP address, which is what your point here is really about. There’s no way (outside of perhaps setting up your domain behind a proxy) to prevent direct access to your content.

@6 – If you aren’t familiar with managing WordPress, you probably shouldn’t be responsible for an entire server, and all the other services and applications you would need to maintain for it, either. It would be better to look into a “managed” provider.

@8 – While updating plugins and themes is important, blindly installing updates is not good either. Several times in the past, updated plugins or themes have included exploits or security regressions (si-captcha, addthis, w3tc and wptouch for example). If you’re a security-minded coder, review the code before you install updates. If you’re not, you should probably find someone that can help keep an eye out for you.

@9 – The implication here is that just because a theme or plugin is “paid” that it’ll be of higher quality. Sadly, that’s not the case. WPMU.org had an article on this very topic only last year.

While you’ve included some good advice here, too, I’m afraid you’re mixing too much myth and misunderstanding in to be ultimately good for the typical user.
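
An added example (not part of the original post, and not WordPress code) for the point above about properly creating the keys and salts in wp-config: a small Python audit that flags any of the eight constants from wp-config-sample.php that is missing, still the sample placeholder, short, or reused. The 32-character floor and the sample config are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The eight constants shipped in WordPress's wp-config-sample.php.
REQUIRED = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # default value in the sample file
MIN_LEN = 32  # assumption: a floor chosen for this example

# Matches define('NAME', 'value'); with either quote style; commented-out
# lines are skipped because the match must begin at the start of a line.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.M)

def audit_keys(config_text):
    """Return {constant: problem} for every key or salt that needs attention."""
    found = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)
             if m.group(2) in REQUIRED}
    reuse = Counter(found.values())
    problems = {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value.strip().lower() == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LEN:
            problems[name] = "too short"
        elif reuse[value] > 1:
            problems[name] = "reused"
    return problems

# Constructed sample config (not taken from a real site).
STRONG = "x7#Lq9!" * 8  # 56-character stand-in for a generated value
SAMPLE = f"""<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  '{STRONG}1' );
define( 'LOGGED_IN_KEY',    '{STRONG}2' );
define( 'NONCE_KEY',        'secret' );
define( 'AUTH_SALT',        '{STRONG}3' );
define( 'SECURE_AUTH_SALT', '{STRONG}3' );
// define( 'LOGGED_IN_SALT', '{STRONG}4' );
define( "NONCE_SALT",       "{STRONG}5" );
"""

if __name__ == "__main__":
    for name, problem in audit_keys(SAMPLE).items():
        print(f"{name}: {problem}")
```
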

 

 


Big Brother is Watching YOU!

Privacy has become a luxury that few people have the resources to afford. It seems our privacy is to be invaded at every turn. We know from past experience that anything useful and advantageous also has the potential for abuse and harm.

Look out everyone…big brother has arrived in style.

Security Tracking Systems For Today That Keep Up With The World Of Tomorrow

Metuchen, NJ, November 18, 2011

Cell Phone Detectors

Security in this country is a huge issue; on a national level, and for corporations, prisons and individuals alike. This is where Berkeley Varitronics Systems comes in – a leading provider of advanced wireless solutions and security products to the domestic and international wireless telecommunications industry. CEO Scott Schober is a sought-after security expert who made a presentation at the inaugural Concordia Summit in New York City recently to top level political decision-makers from around the world that included Mikheil Saakashvili – President of Georgia, former Polish President Aleksander Kwasniewski, former President George W. Bush, and Thomas Kean, former Governor of New Jersey.

Schober’s security team was part of the 9/11 first-responders who attempted to locate people buried under the rubble by locating their cell phones. BVS products can be used to detect anything – from people illegally crossing our borders, bomb threats, detecting smuggled cell phones in prisons, to protecting board room secrets of corporate America.

Berkeley Varitronics Wolfhound-Pro cell phone detector has been featured on Fox News. It is a precision, handheld, wireless sniffer specifically tuned to the RF signature of common cell phones for both U.S. and European bands and its high speed scanning receiver allows security personnel to locate nearby cell phones in either standby mode or during active voice, text or data transmissions. Instead of illegal and unsafe cellular jamming signals, this detector prevents wireless usage by detecting and even locating the perpetrator.

This product is vital in prisons where keeping cell phones out is becoming a major problem across the country, but especially in California where state prisoners are being bumped into local jails. Prisoners having access to cell phones is always a serious safety concern, but more so with gang members who use them to contact outside members, intimidate witnesses, or conduct criminal activity from inside prison walls. Cell phones can also be used to relay information on transportation of inmates, by giving date, time and route.

Berkeley Varitronics Systems are featured at all major security events. They were recently a featured company at the 4G World Conference in Chicago, where attendees were offered an opportunity to meet their guest spokesperson, Los Angeles Lakers star Andrew Goudelock. (Please see: Keeping America Safe) They also recently made a presentation at the Chiefs of Police Conference in Kansas where they demonstrated the latest in cell phone detection devices.

Located in Metuchen, NJ, Berkeley Varitronics Systems has been providing advanced wireless solutions and products to the domestic and international wireless telecommunications industry for over 38 years. For more information on this respected company, please visit: Berkeley Varitronics Systems, Inc.


Are you voting for your priorities?

Let’s face it folks, Obama is going to lose this next election. He’s going to lose to whoever wins the Republican nomination. That’s a given. You’d really have to have your head buried pretty deep to not have accepted this by now.

Easy Cheese, with a Birth Certificate!

Frankly, he would lose to a can of Easy Cheese, assuming that it were able to provide documentation to meet the age requirement. I hear you can accomplish that for under $20 online.

So, assuming you’re intelligent enough to accept that Obama is going to lose, your decision is now which Republican from those that are seeking nomination will actually represent you for the next four years.

  • If you’re a progressive, you’re pretty much out of luck.
  • If you’re a RINO, you’ve got quite a few options which, I’m sure, the Mainstream Media will do their absolute best to pick the best one for you. With so many to choose from, it could take months.
  • If you’re a conservative, there’s only one choice.
  • If you’re a liberal, there’s only one choice. Coincidentally, it’s the same one.

Who? The invisible man, of course!

The Mainstream Media would have you believe that Ron Paul doesn’t exist. That he hasn’t won every straw poll (from Values Voters Summit to Iowa to Florida). The thing is, he does. Not only does he have a strong following, the highest voting consistency of any politician in the last hundred years and experience in both his own business and Congress, he’s the only potential nominee that could actually gain true bipartisan support – and actually make both sides happy.

Why? Ron Paul supports states’ rights. He believes government has no business legislating morality, nor imposing upon the rights of human beings. While he is Pro-Life, his position is that government should not be imposing this decision on the states.

Further, Ron Paul is a Christian, but his belief in the separation of church and state is an indivisible principle. Marriage is a religious ceremony, and thus it’s dependent on the religion to determine what is a compatible relationship. If you take government out of that equation (as it should be), there’s nothing preventing a civil union between members of the same sex.

Unlike Obama, who has started several wars since receiving his Nobel Peace Prize, Ron Paul would actually get America out of the nation building business. And since there aren’t formal declarations of war for any of them, we’d have most of our men home within 30 days. We wouldn’t be invading other nations, either. That’s not to say Dr. Paul is against war. As a former Flight Surgeon in the Air Force, Ron Paul has served this man’s military and has seen first-hand the harm it causes. Should the USA really police the world? Of course not.

Unlike both Bush and Obama, who increased the invasions into the privacy of ordinary citizens, Ron Paul has consistently voted against any legislation that violates the premises of our Constitution and Bill of Rights. Ron Paul voted against the US PATRIOT Act (that’s a misnomer if ever there was one), and said “Everything we have done in response to the 9-11 attacks, from the Patriot Act to the war in Iraq, has reduced freedom in America.”

Unlike all the other hopefuls, Bush and Obama – Ron Paul acknowledges the issues of the War on Drugs. A war against a large number of the population simply cannot be “won”, and should not be waged.

Ron Paul has also made clear his plans to abolish the Fed, the Department of Education, the Food and Drug Administration and bring our troops home.

Ron Paul opposes the subsidization of businesses here and abroad, and the government sponsored crony capitalism that it encourages. Cronyism, for example, is why two and a half cents worth of medication can be sold for a profit of 500,000% here in the USA.

Ron Paul supports homeschooling, a balanced budget and developing energy sources here at home, and true fiscal sanity that will encourage business growth and jobs in every community in America, possibly even saving some of those businesses left in the wake of a visit by Obama!

Assuming you haven’t completely thrown in the towel, and you’re not stupid enough to actually want a President Perry, you need to vote for Ron Paul in the Republican Primaries. For that to happen, you have to be registered Republican. Depending on the state you’re in, you need to change parties up to three months in advance.

Change now. Vote Paul. Save America.

 
