Importance of Securing WordPress

Internet hackers may be many things, but stupid is not one of them. They appreciate the talents of WordPress as much as you do. In fact, its high degree of user popularity has made it one of their favorite targets.

It’s time to do battle with those Internet bandits, and you can do that by implementing the WordPress security updates Calgary professionals know and trust. You need to stay one step ahead of the hackers, and the timely performance of WordPress security updates can head them off at the pass.

Securing the Database

The WordPress database is one of the hackers’ favorite playgrounds. That’s because it contains your site’s most sensitive information. Such security measures as changing the database prefix, either manually or with the help of a plugin, can aid in foiling them.

Permissiveness Will Come Back to Bite You

When performing WordPress security updates Calgary webmasters must be careful never to give full 777 permissions to any directory, folder or file. Keep the least-risky ones at 755 or 750 and assign 644 or 640 to the rest.

Don’t Give Away the Store

To the hacker, your WordPress version is one of the keys to the mint. WordPress 2.6 and later automatically add the version to the WP_head region, thereby making it visible to anyone who cares to look.  You can manually locate and delete the line of code that does this, or you can use intelligent software that performs this chore for you along with the other essential WordPress security updates Calgary experts recommend.

It’s a Bird; It’s a Plane

On the Internet, a strong username and password can be your Superman, and if you think you’re doing well by logging in as “admin” with the name of your Chihuahua for a password, think again. Those are the first things your friendly neighborhood hacker will try. The proper password protection is vital for keeping them at bay, so if your login specs are weak, fix them.

Your Site May Already Be Sick

A workstation that labors under a malware infestation has already laid out the hacker welcome mat. Regular antivirus scans combined with a strong plan for damage control and disaster recovery are jey components of the best WordPress security software.

Don’t Let it Happen to You

If you’re running WordPress, you’re already under attack. Fortunately, we can provide you with WordPress security updates…a service webmasters have come to trust. We perform the needed maintenance for you. The peace of mind that comes from knowing that your website is safe and protected will be, quite literally, priceless.

Check out our Core4Secured Services today!

 

WORDPRESS Vulnerabilities | Are you safe and have you secured your WordPress website?

The WordPress platform is used by millions of bloggers and businesses and has been under massive bruteforce attack over the past week. Some are speculating whether or not this is just the start of something much bigger. So far according to TechNewsDaily, “90,000 WordPress blogs” have been attacked. Click here to read more.

The primary target of entry has been the login panel, specifically those with “admin” as their username. We all know that keeping any default settings is never a good idea. So why do we do it? Are we lazy? Or do we just think it is not going to happen to us?

Regardless of your answer, the events of this week need to wake up all of us. No longer can this be ignored. We need to take responsibility and secure our websites ourselves. Think of the countless hours of work that has been put in that can be demolished in seconds.

Matt Mullenweg, one of PC World’s Top 50 People on the Web and one of the Founders of WordPress, says “almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username”. Read the full article here. So what’s happened? Have people forgotten or is it the huge number of new users that may never have been alerted to this problem?
Matt recommends that, “if you still use “admin” as a username on your blog, change it, use a strong password… and of course make sure you’re up-to-date on the latest version of WordPress”.

One of the bigger questions with this weeks botnet kerfuffle has been around motivation. What do the hackers want? TechNewsDaily reports, “the ultimate goal of the botnet is a mystery; having administrative access to a number of blogs is not that useful in and of itself…however, a network of more than 90,000 compromised machines can wreak all sorts of havoc, especially in denial-of-service attacks”.

InformationWeekSecurity who also reported on this story said that, “successfully exploited sites get a backdoor installed that provides attackers with ongoing access to the WordPress site, regardless of whether a user subsequently changes the password guessed by attackers…exploited sites are then used to scan for WordPress installations, and launch the same type of attack against those sites”. Read more here.

They went on to say, “thankfully, a quick solution to the attacks is at hand: ensure no WordPress site uses any of the targeted usernames, which include not just admin and Admin but also “test,” “administrator” and “root”.

What’s really staggering are the number of attacks. Just read the statement below…

The WordPress “admin” attacks aren’t new, but they’ve recently tripled in volume. “We were seeing 30 to 40 thousand attacks per day the last few months. In April 2013, it increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days” said Sucuri CTO Daniel Cid in a blog post. That means that the number of brute force attempts has more than tripled” (InformationWeekSecurity).

We need a solution and we need one fast. Free plugins are just not going to cut it any longer. It’s time to look to the experts and let them help. HostedinCanada.com and Upfrontbydesign.com are WordPress Security Experts and provide a complete protection, from setup through ongoing updates.

Packages include:
– Daily backup
– 24/7 monitoring
– Quarterly PLUGIN Updates
– Bi-annual CORE Updates
– Special rates on any required edits or fixes related to plugin or core updates. (CORE updates are only done if there is a vulnerability/REQUIRED….but are completed every 6 months.)
– Daily SCAN and checks include:

12 standard weaknesses
21 Advanced weaknesses
Blocking hackers from trying to login. (IP’s are AUTOMATICALLY banned)
626 CORE files (we check core WordPress files against wordpress.org for attached files)
More…
Call today if you have questions. To get a FREE Security assessment and report, CLICK HERE!

Dean Wolf
President – 403-730-2040 #207