Listen to the news, you will hear more about cyber attacks than years past. Major department stores losing customer information, the HeartBleed issue, websites being hijacked, and much more.
One thing you may have considered safe was your banking information. However, there are ways for hackers to steel your personal information, including your bank account log in credentials. There is no such thing as security any more.
Here is an article that expounds on the cyber attacks via the Russians. Specifically WordPress Blogs.
One general rule of thumb is to change your passwords frequently and always encrypt them. Use a password generator and mix in characters, alpha: caps and non, and numbers. Then make a note somewhere so you have access to it at all times. Use a different password for each account. I know a pain in the ….. But, it is a matter of security and no one is exempt, no one.
On ward and up ward.
I have added a couple of plug ins to my blog to stop the tedious work of checking spam messages and users against the real deal.
How do I know the difference?
Spammers comments are jibberish for the most part. Phrases and full paragraphs do not relate to the topic they comment is linked to.
Membership spam is the same. Automated and not real email addresses.
For my real life people, I know it can be tedious. Drives me nuts when I get the code wrong. But I always complete it. I hope you do the same. As a blog owner I understand the need.
I have held out long enough.
With comments, once you are approved you will never have to enter the code again. Same with once you become a member. 🙂
Have a great day. More to come.
When my blog was hacked, both of them, I went in search of security. I found it. WordPress Firewall 2, thank you Matthew Pavkov, I continue to donate to the cause when I can.
The firewall blocks all types of attacks. There are those who search for weaknesses in your WordPress blog. Matthew has a full page dedicated to what and how these exploits work.
Since I added the firewall I have received at least 20 notifications, I know more, of attacks to my blog. Funny only this blog, not my other one, yet. There is always a yet.
I check the IP locater to see if it is someone I know, the type of attack in case it was me making changes that triggerd the firewall. So far no, nada, not, me who has triggered the notifications. The IP’s track to Russia, China, and the USA.
I recently added another plugin so I can set up my books to sell. The next day and since I have received a half dozen notifications. Most track to Russia. Today’s tracked to the USA, looked at Whois and found the company name. The attack is a SQL attack on the plug in. The company it turns out is a branding company. Their motto is “Protecting Brands…. ”
Protection? Of Brands? By???
I sent an email to the admin of the business. Will wait to hear back.
Can you explain to me how an IP address can be hijacked? I am still working to understand the process. It can be exploited by hijackers, ghosted and used to send malicious content. Because of this I will have to block the IP addresses so they cannot contact my site again.
So far there have been none that I would be concerned about since they are corporations that probably would not show an interest in my little biz. 🙂
Do these hackers have nothing else better to do? I mean, think about it, how much more could be made working to stop people like them. Or is that what they are doing? Working to find weaknesses and then building the software to stop it? Just a twisted process in my thinking today.
If you have an answer, I would love to hear it. I am always seeking to understand and make my sites safe for visitors.
Thank you and enjoy your day.
Everyone has their favorite plugins, software, toys, and games. We each share likes and dislikes. Hopefully agreeing to disagree when we do not like what someone else likes? Mmmm.
Each of the following plug ins are free from WordPress.org. However, if you have WordPress installed, simply go to your Plug ins menu and search. I find this way easier and faster. 🙂 Not that I have to tell the veteran bloggers how to install plug ins. 🙂
Those buttons you see at the top of sites or under blog posts that read Share, clicking the button provides a list of social networks. This is one of those plug ins.
I tried a different because it linked in my blog posts, so you could choose which post to share. But, seems the visit plugin sitelink next to the plug in information was to my site and with another piece of code. Not good. Grateful I have security plug ins. Which brings up a great point: Check on the creator, website, ratings, and other information regarding the plug in you want to use.
Now this is probably every one’s favorite. If it is not, it should be. Since installing Akismet I do not get spam comments. Yeah. You know those comments that are gibberish or “gee I like your post.” The links are either bogus or tied to some spammy site. If you do not have this, you should. But if you have one that you like better, great. YEAH…
All in One SEO is created and maintained by SemperFi Web Design. I like the interface of this plug in. It is simple, self-explanatory, and quick. Set up for the blog, each page, each post. Or disable it per post or page. Very little explanation or use instructions required. Except to become familiar with SEO.
The Google Analytics plug in is easier to use and quick to set up. Plug and play, well all most. You need a Googleaccount and to obtain the API key. Still even this is easy to move through. Fill in a few blanks, click and click. Done.
Translate your blog into 58 languages. All with a click of the mouse. No need to configure. You do need a widgetized WordPress theme. Once the plug in is installed, go to the widget page of your blog and click, drag the GTranslate button to the spot on your sidebar. Done. Try it out. View your home page, click the drop down button and select a language. No translator can translate words in an image. Your banners won’t translate. You may want to use the Alternate Text box to include one or two word descriptions in a couple of the more popular languages. The Description is another option to put a few words in Spanish or French, for instance.
What a lot of work posting to every social network. Using the Network Publisher has cut the time in half. I say in half because I am with a couple of social networks that are not included. Manual submission… You need to register, obtain an API key and link your networks to Network Publisher. Once this is done, plug and play. 🙂 With a free account you are allowed four networks.
Drag the Press This button to the toolbar and blog on any web page, picture, social network, any internet site you visit. Simplifies the sharing process. Especially if you are an affiliate. Write a review, publish. Not complicated. Installing the plug in happens in a few seconds.
Now to my life saver. Or blog saver. Since installing the WordPress Firewall 2, the attacks on my blog are decreasing and the hack problem has been solved. At least for now. I learned so much about security and protecting my blog after I was hacked. The funny thing is, the installed links went nowhere. What was the point? Just to aggravate? Really?
I just installed the WordPress Ping Optimizer plug in. Not sure how it is going to help. When it comes to actions like pinging, I am a newbie. A willing newbie, but still. There is a long list of sites to ping. Services you can use, some free, some paid. Or, install your ping optimizer and let it to do the work.
Something I just learned about blogs, each time you make a correction, the service is pinged. This plug in lets you set how often to ping. One ping every 15 minutes or every 45. The longer span is great if you are working on your blog adding new plug ins, posts, etc.
That is it for now. These are my favorite plug ins, so far. Since each one is free I wanted to give a shout to the creators. I appreciate the hard work, maintained security and keeping them updated.
On to the next project.
Recently I made several changes to my blogs. If you read the previous posts you know I was hacked. Oh, joy….
I added Captcha for WP, which means that before anyone can post a comment or register the phrase from Captcha needs to be entered. Let me tell you it is frustrating. I recently created security changes to my computer which meant that I lost my password file, so I had to do a new password and use the Captcha. But, it worked.
Another addition is the WordPress Firewall. This has saved me from a few hacks. An email is sent each time there is an attempt to make changes to directories or blog posts, hacking the sign in, etc. I can review them, then note the change time and date. There is an option to accept the change and record the ISP or deny it by ignoring it.
I have reinstated a few of the other plug ins, one at a time and found that with the Firewall I am now secure. Well, until the hacker figures it out, then back to the drawing board.
To install these plugins to your WP blog go to the “Plugins” on the side bar, click “Add New,” type in the search term and then click install next to the plugin. No downloading and uploading. Easy Peasy. 🙂
I found it funny really that all that hacking and inputting of links through out my blog was to no avail.
I tried a couple of the links and the result is a 404 error page, the page does not exist type of message. So why go to the trouble when the links do not go anywhere? Was it the sport, to prove it can be hacked?
The troubling ISP’s originated from search engines, not local. Two of them that I could derive. My host tracks all visitors, I can review the log entries and trace ISPs. This helped me to determine the issuing ISP. Working with my host company the ISP addresses were blocked. They also increased their security, made some other changes and protected a large number or WP bloggers.
Having a team to work with is a life saver. I am taught what I need to know and so far everyone who’s plug ins I use regularly have been very helpful.
These are only a few of the changes. As I work out the details and learn more I will keep you updated.
Thank you and have a terrific day.