Sometime last year several of my blogs were hacked and defaced. What basically happened is that someone was able to get admin access to the (hosted) WordPress installations and changed the homepage to one containing a lot of nonsense. These generally contain a lot of words ending in the letter “Z” as well as the words “owned” and “hackorz”. I suspect that access was gained using a “Brute Force Attack”, which means that a piece of software tries every password combination under the sun to gain access. It’s automated and dumb, requiring very little intelligence, skill or finesse. The fact that I still had my user name set as “admin” didn’t help, but the less said about that the better. The next step was that the “hacker” changed the admin username & password, effectively locking me out of my account.

So how did I regain access to my blogs and how have I secured my WordPress installs since? Well, seeing that my security has withstood numerous attacks daily since then, I thought it might be helpful to share this.

Regaining access: I host all my sites & blogs on a server using cPanel. This has a very easy to use visual interface which includes good & easy database management. Part of this interface is the phpMyAdmin tool. This is a visual tool for managing the nuts & bolts of your database. It lets you view & edit every cell in a database. Seeing that WordPress stores all its information in a database, you can look up the cells containing the admin username, password and email. Once you select the correct database you’re presented with a list of tables. Find the right one (it will have “user” in the name) and select the right cell. Then change the username, password and if needed the email and save. Open a tab in your browser and try to log in to your blog. Sometimes the change doesn’t “take” the first time and you might have to do it again. Another trick is to only change the email address, then go to the blog login screen and use the password reminder option to have a password modification link emailed to you.

Once you have regained access to your blog and have undone all the changes it’s time to secure your blog. The first step is to choose a better username & password combination. However if you’re like me and don’t want to have to memorize a whole new bunch of logins you can secure it using the following methods also.

wordpress firewall

  1. Firewall: Matthew Pavkov has built an excellent & free WordPress firewall plugin (see above image). You can find it here. The firewall will stop all sorts of malicious attempts to gain access to your blog’s admin interface, be it through URL modification or injecting script etc. Install it and play around with the settings. Don’t just switch everything on as it might block some of your other plugins. One of the excellent features is also that you can set it to email you an alert every time it blocks an attack. You will be surprised at the number of times this happens.
  2. Limit Login Attempts: The above doesn’t protect you against brute force attacks. However “jonahee” has produced a WordPress plugin which allows you to limit the number of concurrent login attempts per IP address. This extremely handy plugin lets you set the maximum number of consecutive login attempts allowed from a single IP address before this IP address is blocked (locked out) from trying to log in to your WordPress admin account. It also allows you to set how long they will be locked out. Additionally it keeps a log file of all lockouts. Mine is at 2244 lockouts since I installed it, with multiple lockouts per IP address. Lastly it will email you a notification every time it locks out an IP address.
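
The lockout behaviour described in item 2, as an added sketch that is not the plugin's own code: consecutive failures are counted per IP address, the address is blocked for a fixed time once the limit is reached, and every lockout is logged. The class name, the default limits and the sample events are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class LoginLimiter:
    max_retries: int = 4          # consecutive failures before a lockout (assumed value)
    lockout_seconds: int = 1200   # how long the IP stays blocked (assumed value)
    failures: dict = field(default_factory=dict)      # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # ip -> unlock timestamp
    lockout_log: list = field(default_factory=list)   # (timestamp, ip), one per lockout

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, 0)

    def attempt(self, ip, password_ok, now):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        if self.is_locked(ip, now):
            # Credentials from a locked-out IP are never evaluated, even correct
            # ones, so the lockout cannot be used to confirm a guess.
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)   # "consecutive": a success resets the count
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures.pop(ip, None)
            self.lockout_log.append((now, ip))  # the notification e-mail would go out here
            return "locked"
        return "failed"


def replay(events, limiter):
    """Run (timestamp, ip, password_ok) events through the limiter in order."""
    return [limiter.attempt(ip, ok, ts) for ts, ip, ok in events]


# Constructed sample: one IP guessing every 2 seconds, plus the site owner
# mistyping once before logging in. Addresses are documentation-range IPs.
SAMPLE = [(t, "203.0.113.7", False) for t in range(0, 12, 2)]
SAMPLE += [(3, "198.51.100.20", False), (9, "198.51.100.20", True)]
SAMPLE.sort(key=lambda e: e[0])
SAMPLE.append((1300, "203.0.113.7", False))  # first guess after the lockout expired

if __name__ == "__main__":
    limiter = LoginLimiter()
    for event, result in zip(SAMPLE, replay(SAMPLE, limiter)):
        print(event, "->", result)
    print("lockouts:", limiter.lockout_log)
```

Because the counter is keyed on the source address, guesses spread over many addresses each get their own budget, which is why a non-default username and a strong password still matter alongside the lockout.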

wordpress lockout


In my experience these two plugins alone will protect your WordPress install from most (but not all) hacking attempts. There is no such thing as 100% “hack-proofing” something, but I host 14 blogs protected by the above mentioned plugins and there have been no more successful hacking attempts since I installed them. Considering the number of attacks I think that says a lot.


Falling down.

Posted: January 18, 2011 in Uncategorized
No, this post is not about the kind of “Falling Down” portrayed above. It’s the kind of “falling down” that leads to the need for knee-patches as pictured below.

See when I was a kid <insert croaky old voice here> we ran all the time. We ran to school in the morning, we ran in the school yard during breaks, we ran home and we ran from our parents when it was bedtime. We also cycled bikes, climbed trees, skated on ice without skates, climbed up and jumped off walls, swung from tree-branches and fairly well did whatever we could in the great big playground that the world is at that age. Obviously this resulted in regular falls leading to busted knees and cracked skulls. Between the age of 8 and 12 I don’t think I ever *not* had a big scab on one or both of my knees. Most of my friends were the same and a substantial percentage of kids had broken one or more bones at some point. I myself still have a big scar on my neck from running into barbed wire, a scarred left arm from 3rd degree burns at the tender age of 6 and a scar on my forehead from running into the corner of a house (don’t ask). And that’s only the biggies.

Now I have my own kids. Five of them even, ranging from 13 down to 4. And while I do not like to see my kids hurt I think that they are very well served by doing what I did (as described above) push their boundaries and learn when you get hurt and when not. It’s all part of growing up and familiarizing yourself with the world around you. There is no better way to learn what is dangerous than by pushing across a boundary and getting hurt. Lessons like that are remembered for life.

So imagine my dismay when my kids come home from school and tell me that they are not allowed to run in the schoolyard, not allowed to go out when it rains, not allowed out when it snows, and not allowed to slide on patches of ice in the schoolyard. When they ask their teacher they are told it’s because of “insurance reasons”. See, we have grown into a society where nothing bad is supposed to happen and if it does one should immediately take legal action to seek compensation for any and all discomfort. We are all entitled to a nice cushy life shielded from any discomforts. Slip on the sidewalk and hurt your knee? Sue the council! Don’t like it that your work colleagues make jokes about your 20 stone ass? Sue your employer. Eat fast food all your life until your clogged up arteries explode? Sue McDonald’s!

Anyway, I digress.

I do however take real issue with children’s freedom to grow & explore being limited. Supposedly for their own good. It is my conviction that in order for children to grow up to become balanced and wise adults they need to have been allowed to push and explore boundaries while growing up and most of all learn what happens if they step over a boundary. It really comes down to the old: you run too fast, you fall, you hurt yourself and it’s nobody’s fault but your own. BEST LIFE LESSON EVER.

Please people stop smothering your children and most of all stop smothering mine!